Cloud HA vrs Cloud MIG
My company is is the process of deploying our infrastructure in GCP and I am trying to see if I should deploy HA pair or MIG when it comes to checkpoint. Does anybody have an article stating the pros and cons when it comes to deploying checkpoint cloudguard either in HA pair or MIG. What I am looking for is if I decided to go with the HA what are my advantages and disadvantages or if I decide to go with MIG deployment what are the good and bad of it.
The main use case for deploying an HA over MIG in public cloud would usually be VPN connectivity.
MIG deployments do not offer Site-To-Site VPN as well as Remote Access VPN.
So if that is a mandatory requirement, HA is the way to go.
In all other cases, MIG is the recommended solution due to the ability to scale the size of the security solution dynamically to match the volume of the the protected environment.
As a rule of thumb, if you are protecting dynamically sized applications, you would want a dynamically sized security solution to match.
@Christian_Casti can probably share additional insights
Recommended reading: GCP MIG with iLB
Thank you Avivs
what you said is exactly what I was thinking, we have a lot of VPN which we cannot terminate on the MIG but can do that with the HA. We are planning on not doing that but rather terminate the VPN on CSR. My question is what is the time frame for the HA failover from the active to standby if the active should go down as compare to the rebuild of a new member of the MIG. I am planning on deploying the MIG but I have to be able to convince my boss that why we will want to choose MIG over HA. Thanks for your help in advance.