I just deployed a new Check Point Azure HA instance following sk110194 and deploying the HA template referenced therein. I'm having several issues with failover (namely, route tables do not update), but believe I am missing something in the documentation. Some of the confusion I'm having with the sk:
1.) It only mentions creating a cluster VIP for the eth0 (external) interface, but the sk makes several allusions to having a clustered internal interface. I'm wondering if I need to change the eth1 (internal) interface from sync to a "Cluster + Sync" interface like it has me do for the external interface. If i do need to implement a cluster vip for the internal interface, in the routing tables, should I then manually just point all traffic that is current set to go to firewall 1's eth1 to now go to the cluster VIP IP? I've been operating off of the assuming that the failover script would manually point the traffic from firewall 1's eth1 to firewall 2's eth1 upon failover, but can see a scenario where this could be handled by a VIP.
2.) Load balancers were removed from the most recent version of the CloudGuard deployment template, but will I need one in order to get failover to function correctly? The sk makes reference to setting up a load balancer, but doesn't provide any details that I can find.
Thanks for any help you can give,