info about exposing services using AWS multi AZ and Checkpoint
This is our situation:
We have an AWS account with two AZs; in these zones there is a Geo Cluster L3 Active/Active that is facing the internet.
With the current configuration each firewall has its own public IP, and for testing purposes I used dynamic objects (configured using the CLI on each FW) to publish a service over the internet, and this is working fine.
But I don't know how to manage the DNS registration...
For example, when AZ1 is managing the traffic for www.pippo.it, www.pippo.it has the public IP of the Check Point in AZ1.
When I force the traffic to switch to AZ2, the traffic is managed by the Check Point in AZ2, but www.pippo.it obviously still points to the IP of AZ1.
Is there any other solution?
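As an added example (not from the original post, and not a Check Point or AWS recommendation), this is a Route 53 change batch for www.pippo.it using a PRIMARY/SECONDARY failover pair: the PRIMARY record carries the AZ1 gateway's public IP and the SECONDARY the AZ2 gateway's, each tied to a health check, so the name follows whichever gateway is actually answering. The public IPs, zone name and health check IDs are placeholders.

```json
{
  "Comment": "Constructed example: www.pippo.it follows the healthy Check Point gateway (AZ1 primary, AZ2 secondary)",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "www.pippo.it.",
        "Type": "A",
        "SetIdentifier": "checkpoint-az1-primary",
        "Failover": "PRIMARY",
        "TTL": 60,
        "ResourceRecords": [
          { "Value": "203.0.113.10" }
        ],
        "HealthCheckId": "HEALTHCHECK-ID-AZ1-PLACEHOLDER"
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "www.pippo.it.",
        "Type": "A",
        "SetIdentifier": "checkpoint-az2-secondary",
        "Failover": "SECONDARY",
        "TTL": 60,
        "ResourceRecords": [
          { "Value": "203.0.113.20" }
        ],
        "HealthCheckId": "HEALTHCHECK-ID-AZ2-PLACEHOLDER"
      }
    }
  ]
}
```

The two health checks are created separately (for example with `aws route53 create-health-check`) against each gateway's public IP and the published service port, so the firewall policy on both gateways must allow the Route 53 health-checker source ranges to reach that service. Keep the TTL low, because clients keep using the old answer until their cached record expires, so the switch is never instantaneous.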
In normal situations I usually use a routed network for managing NAT, but on AWS it seems impossible.
It is a fake Active/Active: all the routing tables in AWS are attached only to a single AZ at a time; basically only one AZ manages the traffic, both external and internal.
When we configured everything, the only allowed CP configuration was the L3 Geo Cluster, because the two AZs are like two different datacenters with two different providers, to make an example with "non-cloud" technology.
We are thinking about converting our cluster into a GWLB that *should* work across different zones.