CloudGuard IaaS High Availability for Google Cloud Platform

CloudGuard Security Cluster for Google Cloud Platform (GCP) provides High Availability through state synchronization. A standby CloudGuard Security Gateway Cluster Member, deployed in one Zone, monitors the state of an active member deployed in another Zone. If the active gateway fails, the standby member assumes the active state and makes the necessary changes in your GCP environment so that traffic is routed through it.

The CloudGuard Security Cluster provides comprehensive enterprise-grade security. It continues to protect your GCP resources even when it encounters a problem, which on a standalone gateway would have resulted in a complete loss of connectivity.

Prerequisites

Before setting up your system, you must be familiar with the following topics:

Vendor: Google Cloud Platform

Topics:

  • Virtual Private Cloud Network

  • Virtual Machines

  • Public IP Addresses

  • Routes

Vendor: Check Point

Topics:

  • Check Point R80.30

Check Point with Google Cloud Platform

Setting Up Check Point Clusters in GCP

A cluster is a group of Virtual Machines that work together in High Availability Mode. One Cluster Member is Active, and the second Cluster Member is Standby. When necessary, the cluster fails over from the Active Cluster Member to the Standby Cluster Member.

  • For VPN traffic, Cluster Members use API calls to GCP to communicate the failover from the Active Cluster Member.

  • The Standby Cluster Member then promotes itself to Active. During cluster failover, the Standby Cluster Member associates the primary external cluster IP address of the Active Cluster Member with its external interface (eth0).
    The Cluster Member that fails uses the GCP API to attach the cluster's secondary IP address to itself.
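Because failover is carried out through GCP API calls that move external IP addresses between Cluster Members, those calls are worth auditing. The following is an added example, not Check Point code: it reviews Cloud Audit Logs entries for external IP changes on the Cluster Members and separates calls made by the expected service account from calls made by anyone else. The instance names, the service account, and the sample log lines are constructed, and it is an assumption that the failover IP moves appear under the two method names shown.

```python
import json

# Cloud Audit Logs method names for detaching/attaching an external IP
# (access config) on a VM interface. Assumption: failover IP moves are
# logged under these methods; the page does not name the API calls.
IP_MOVE_METHODS = {
    "v1.compute.instances.deleteAccessConfig": "detach",
    "v1.compute.instances.addAccessConfig": "attach",
}

def _line(ts, method, instance, principal):
    """Build one constructed audit-log line with only the fields used here."""
    return json.dumps({"timestamp": ts, "protoPayload": {
        "methodName": "v1.compute.instances." + method,
        "resourceName": "projects/demo/zones/us-east1-b/instances/" + instance,
        "authenticationInfo": {"principalEmail": principal}}})

CLUSTER_SA = "cluster-sa@demo.iam.gserviceaccount.com"  # hypothetical account
SAMPLE_LOG = "\n".join([  # constructed sample data, not real log output
    _line("2024-01-01T10:00:00Z", "deleteAccessConfig", "member-a", CLUSTER_SA),
    _line("2024-01-01T10:00:02Z", "addAccessConfig", "member-b", CLUSTER_SA),
    _line("2024-01-01T11:30:00Z", "deleteAccessConfig", "member-b", "user@example.com"),
    _line("2024-01-01T11:31:00Z", "addAccessConfig", "web-1", "user@example.com"),
    _line("2024-01-01T11:32:00Z", "setMetadata", "member-a", CLUSTER_SA),
    "truncated-line{",
])

def review_ip_moves(log_text, cluster_members, allowed_principals):
    """Split external-IP changes on cluster members into (expected, alerts)
    according to whether the calling principal is on the allow list."""
    expected, alerts = [], []
    for raw in log_text.splitlines():
        try:
            entry = json.loads(raw)
        except ValueError:
            continue  # skip malformed lines instead of aborting the review
        if not isinstance(entry, dict):
            continue
        payload = entry.get("protoPayload") or {}
        action = IP_MOVE_METHODS.get(payload.get("methodName"))
        instance = str(payload.get("resourceName", "")).rsplit("/", 1)[-1]
        if action is None or instance not in cluster_members:
            continue  # unrelated API call, or a VM outside the cluster
        who = (payload.get("authenticationInfo") or {}).get("principalEmail", "unknown")
        event = (entry.get("timestamp", ""), who, action, instance)
        (expected if who in allowed_principals else alerts).append(event)
    return expected, alerts

if __name__ == "__main__":
    ok, bad = review_ip_moves(SAMPLE_LOG, {"member-a", "member-b"}, {CLUSTER_SA})
    print(len(ok), "expected;", "alerts:", bad)
```

An alert here means an external IP on a Cluster Member was changed by a principal other than the cluster's own identity, which is either an operator action to account for or a sign that the permission is granted too broadly.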