AK2
Collaborator

Help with AWS routing tables for CloudGuard with AWS GWLB, Transit Gateway

Hi,

I am trying to configure an environment per https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_AWS_Gateway_Lo... 

1. Transit Gateway

2. Scale set and GWLB

3. 1 spoke VPC

4. Trying to set up an internet-facing load balancer in the spoke VPC pointing to a workload in the spoke VPC, such that the traffic is inspected by CloudGuard, i.e. the optional step in the guide "Configure Inbound traffic to spoke VPCs"

The guide referred to above has a diagram for all the required routes in all routing tables to achieve this. I believe I have followed this (double-checked all). I have set up separate route tables for all spoke VPC subnets.

The external load balancer/workload setup works correctly when I set the default route of the spoke load balancer subnet to the IGW; however, obviously the traffic bypasses Check Point.

When I set the default route of the spoke load balancer subnet to the GWLBe, which is how the guide says it should be, I can see the traffic enter the workload instance, but the traffic does not seem to be passed to the security VPC.

My question:

Can you point me to any resources (videos, documents) that cover this use case and the routing in a bit more detail for this CloudGuard setup? It may be that I am interpreting the document incorrectly or missing a vital piece of information.

Thanks in advance,

Andrew

1 Reply
AK2
Collaborator

Hi, 

Sorry to reply to my own post; however, it seems I have made some progress following the AWS documentation here: https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/getting-started.html

Cheers,

Andrew
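The symptom in the original question (traffic reaches the workload but is never handed to the security VPC once the load balancer subnet's default route points at the GWLBe) is the kind of thing a route-table audit catches before packets are sent. The script below is an added example, not code from the thread, from Check Point, or from AWS. It encodes the three-route pattern the linked AWS getting-started guide describes for inspecting inbound traffic through a Gateway Load Balancer endpoint in the same VPC: the application (here, load balancer) subnet's default route targets the GWLBe, the GWLBe subnet's default route targets the internet gateway, and an ingress route table edge-associated with the internet gateway steers the application subnet's CIDR to the GWLBe. The route-table dictionaries mirror the shape of boto3's `describe_route_tables` output (an assumption; endpoint targets are assumed to appear in `GatewayId`), and every subnet, endpoint and gateway ID below is a constructed sample value.

```python
"""Audit spoke-VPC route tables for the inbound GWLB-endpoint inspection pattern.

Added example; not part of the original thread or of the Check Point / AWS guides.
The route-table dicts mirror boto3 describe_route_tables output (assumption), and
all IDs and CIDRs are constructed sample values.
"""
from typing import Dict, List, Optional

# Constructed sample identifiers for a single spoke VPC (10.1.0.0/16).
SAMPLE_IDS = {
    "app_subnet_id": "subnet-app0001",      # load balancer / workload subnet
    "app_subnet_cidr": "10.1.1.0/24",
    "gwlbe_subnet_id": "subnet-gwlbe01",    # subnet holding the GWLB endpoint
    "gwlbe_id": "vpce-gwlbe0001",           # Gateway Load Balancer endpoint
    "igw_id": "igw-spoke0001",              # spoke VPC internet gateway
}


def _table_for_subnet(route_tables: List[Dict], subnet_id: str) -> Optional[Dict]:
    """Return the route table explicitly associated with a subnet, if any."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return rt
    return None


def _edge_table(route_tables: List[Dict], igw_id: str) -> Optional[Dict]:
    """Return the route table with an edge association to the internet gateway."""
    for rt in route_tables:
        if any(a.get("GatewayId") == igw_id for a in rt.get("Associations", [])):
            return rt
    return None


def _route_target(rt: Dict, destination: str) -> Optional[str]:
    """Target of the active route for an exact destination CIDR, or None."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != destination:
            continue
        if route.get("State", "active") != "active":
            continue
        # IGWs and GWLB endpoints surface as GatewayId; fall back to other target fields.
        return (route.get("GatewayId") or route.get("NatGatewayId")
                or route.get("TransitGatewayId") or route.get("NetworkInterfaceId"))
    return None


def check_inbound_inspection_routes(route_tables: List[Dict], app_subnet_id: str,
                                    app_subnet_cidr: str, gwlbe_subnet_id: str,
                                    gwlbe_id: str, igw_id: str) -> List[str]:
    """Return a list of findings; an empty list means all three routes are in place."""
    findings = []

    app_rt = _table_for_subnet(route_tables, app_subnet_id)
    if app_rt is None:
        findings.append(f"{app_subnet_id}: no explicit route table association")
    else:
        target = _route_target(app_rt, "0.0.0.0/0")
        if target != gwlbe_id:
            findings.append(f"{app_subnet_id}: default route targets {target!r}, expected "
                            f"GWLB endpoint {gwlbe_id} (traffic bypasses inspection)")

    gwlbe_rt = _table_for_subnet(route_tables, gwlbe_subnet_id)
    if gwlbe_rt is None:
        findings.append(f"{gwlbe_subnet_id}: no explicit route table association")
    elif _route_target(gwlbe_rt, "0.0.0.0/0") != igw_id:
        findings.append(f"{gwlbe_subnet_id}: default route must target the internet "
                        f"gateway {igw_id} so inspected traffic can leave the VPC")

    edge_rt = _edge_table(route_tables, igw_id)
    if edge_rt is None:
        findings.append(f"{igw_id}: no ingress route table is edge-associated with the "
                        f"internet gateway; inbound traffic to {app_subnet_cidr} is not "
                        f"steered to the GWLB endpoint")
    elif _route_target(edge_rt, app_subnet_cidr) != gwlbe_id:
        findings.append(f"{igw_id}: ingress route table must send {app_subnet_cidr} to "
                        f"GWLB endpoint {gwlbe_id}")
    return findings


def build_sample_route_tables(app_default_target: str = SAMPLE_IDS["gwlbe_id"],
                              include_edge_table: bool = True) -> List[Dict]:
    """Constructed route tables; parameters let callers build misconfigured variants."""
    local = {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"}
    tables = [
        {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": SAMPLE_IDS["app_subnet_id"]}],
         "Routes": [local, {"DestinationCidrBlock": "0.0.0.0/0",
                            "GatewayId": app_default_target, "State": "active"}]},
        {"RouteTableId": "rtb-gwlbe", "Associations": [{"SubnetId": SAMPLE_IDS["gwlbe_subnet_id"]}],
         "Routes": [local, {"DestinationCidrBlock": "0.0.0.0/0",
                            "GatewayId": SAMPLE_IDS["igw_id"], "State": "active"}]},
    ]
    if include_edge_table:
        tables.append({"RouteTableId": "rtb-igw-ingress",
                       "Associations": [{"GatewayId": SAMPLE_IDS["igw_id"]}],
                       "Routes": [local, {"DestinationCidrBlock": SAMPLE_IDS["app_subnet_cidr"],
                                          "GatewayId": SAMPLE_IDS["gwlbe_id"], "State": "active"}]})
    return tables


if __name__ == "__main__":
    variants = {
        "correct": build_sample_route_tables(),
        "lb subnet default route -> IGW (bypass)": build_sample_route_tables(SAMPLE_IDS["igw_id"]),
        "no IGW ingress route table": build_sample_route_tables(include_edge_table=False),
    }
    for name, tables in variants.items():
        print(f"[{name}]", check_inbound_inspection_routes(tables, **SAMPLE_IDS) or "OK")
```

Against a live account, the constructed tables would be replaced by the `RouteTables` list returned from boto3's `describe_route_tables` for the spoke VPC; the checker itself needs no AWS access. The second variant reproduces the "works but bypasses inspection" state the question describes, and the third shows that a correct default route on the load balancer subnet is still reported as incomplete when the internet gateway has no ingress route table.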
