Introduction to Azure Virtual WAN
Microsoft Azure Virtual WAN is a service that lets customers easily establish optimized large-scale branch connectivity with Azure and the Microsoft global network.
Microsoft Azure Virtual WAN is a networking service that provides optimized and automated branch-to-branch connectivity through Azure.
This guide describes the integration of CloudGuard Network Security NVA
Network Virtual Appliance - A resource deployed in Azure's Virtual Hub that includes Security Gateways and other networking infrastructure. (Gateways) into the Azure vWAN Hub and provides step-by-step instructions to configure and use the CloudGuard Network Security NVA in Microsoft Azure Virtual WAN Hub.
Reference architecture:
|
Item |
Description |
|---|---|
|
1 |
|
|
2 |
Microsoft Azure Virtual Hub (for example: East US) |
|
3 |
First CloudGuard Network Security NVA instance |
|
4 |
Second CloudGuard Network Security NVA instance |
|
5 |
Internal Load Balancer |
|
6 |
Express route on Azure virtual Hub |
|
7 |
Azure VPN Gateway |
|
8 |
IPsec Site to Site VPN tunnel from the first on-premises Security Gateway (10) to the Microsoft Azure Virtual Hub (2) |
|
9 |
First Branch |
|
10 |
On-premises Security Gateway (for example: USA, Ohio) |
|
11 |
On-premises host |
|
12 |
Connection between the Microsoft Azure Virtual Hub (2) and the first VNet (13) |
|
13 |
First VNet |
|
14 |
Host in Azure VNet |
For more information, see the Azure Virtual WAN Documentation.
Workflow
The workflow for integrating CloudGuard Network Security NVA with Azure Virtual WAN:
-
Create a Check Point NVA in the Virtual WAN hub in Azure portal.
-
Configure the NVA on the Check Point Management Server.
-
Set the hub's routing intent and policies in the Azure portal to route Internet-bound and private traffic through the NVA.
-
Connect Azure VNets and branch sites to your Azure Virtual WAN.
Follow the steps and considerations outlined in the instructions to make sure the integration is successful.
