Check Point CloudGuard IaaS High Availability for Azure

Check Point and Microsoft have partnered to deliver a best-in-class experience for customers looking to extend advanced security protections to their Azure public and hybrid environments. Seamlessly integrating with the Azure and Azure stack cloud infrastructures, CloudGuard for Microsoft Azure provides reliable and secure connectivity to public cloud assets while protecting applications and data with industry-leading threat prevention. Additionally, CloudGuard helps organizations by dramatically simplifying security management and policy enforcement across private, hybrid, and public cloud networks. IT organizations can now achieve an advanced security posture that moves with Virtual Applications as they migrate from data centers to Azure hybrid cloud environment. As an Azure certified technology solution, CloudGuard compliments Azure cloud security controls to enable you to easily and seamlessly secure your assets in the cloud with elastic scalability and high availability using a cloud security solution integrated with both Azure and Azure Stack.

Prerequisites

Setting Up Check Point Clusters in Azure

A cluster is a group of Virtual Machines that work together in High Availability Mode. One Cluster Member is the Active, and the second Cluster Member is the Standby. The cluster fails over from the Active Cluster Member to the Standby Cluster Member when necessary.

  • Cluster Members communicate to each other with unicast IP addresses.

  • For inbound, outbound, and East-West traffic, Cluster Members rely on Azure Load Balancers to represent their external and internal Virtual IP addresses. Load Balancers only forward traffic to the Active Cluster Member.

  • For VPN traffic, Load Balancers use API calls to Azure to communicate the failover from the Active Cluster Member. The Standby Cluster Member then promotes itself to Active.

    During cluster failover, the Standby Cluster Member associates the private and public cluster IP addresses of the Active Cluster Member with its external interface.

 

 

CloudGuard IaaS High Availability for Azure R80.10 and Above Deployment Guide