Overview of CloudGuard Network for Azure VMSS

Use this guide to:

• Deploy a new Check Point VMSS When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. You also need to decide how your VMs are intended to be accessed on the VNet. It is important to plan before creating resources and make sure that you understand the limits of networking resources. for Microsoft Azure.

• Configure an existing Check Point VMSS for Microsoft Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®., for templates 20180610 and above.

  You can locate the template version on each CloudGuard instance in this file:

  /etc/cloud-version

Note - For the list of supported versions, refer to the Support Life Cycle Policy.

Licensing

Check Point CloudGuard Security Gateways and Check Point CloudGuard Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. must have a license.

There are two licensing options:

• Pay As You Go (PAYG)

• Bring Your Own License (BYOL)

Because the number of Security Gateways in VMSS can increase and decrease over time, we recommend that you use Security Gateways with the Pay As You Go (PAYG) license model. For the list of countries, see sk109360.

You can use the Check Point VMSS for Microsoft Azure solution template to launch BYOL Security Gateways.

To buy BYOL licenses, contact Check Point Sales.

For more information about licensing, see the CloudGuard Network Central License Management Utility guide.

Important - A VMSS with a mixture of BYOL and PAYG Security Gateways is not supported. All Security Gateways in a Scale Set must use the same payment plan, either PAYG or BYOL.

Introduction to Virtual Machine Scale Sets (VMSS)

Virtual Machine Scale Sets (VMSS) are an Azure compute resource you can use to deploy and manage sets of identical Virtual Machines (VMs). The Scale Sets increase or decrease the number of Virtual Machines based on the current needs.

For example, multiple web servers server a web application. The web servers are deployed across multiple fault and update domains. A Load Balancer distributes network traffic across this group of web servers as needed.

In the current cyber-landscape, it is very important that you protect these environments from attackers with a security solution that is as scalable as the resources it protects. As the number of resources you protect scales up or down, the number of Security Gateways that provide protection has to scale as well.

See Azure documentation for information on the configuration of multiple Virtual Machines - Configure multiple virtual machines in an availability set for redundancy.

Prerequisites

Make sure you are familiar with these topics:

Vendor	Topics
Microsoft Azure	VMSS Autoscaling Load Balancers High Availability ports Identity and Access Management
Check Point	Check Point Check Point with Azure

Components of the Check Point Deployed Solution

The diagram below depicts an Azure Virtual Network Environment of logically connected Virtual Machines. (VNET) with the Check Point solution deployed.

There are two backend subnets - WebApp1 and WebApp2.

WebApp1 and WebApp2 are each a user-deployed backend subnet. Each has its own load-balanced web server.

The Check Point deployed solution has these components:

• Frontend subnet

• Virtual Machine Scale Set (VMSS)

  The number of instances that you can deploy in the Cloud is dynamic.

• Internal Load Balancer

• Backend subnet

• External Load Balancer

• Public IP address for each VMSS instance (optional)

• You cannot deploy other VMs in the VMSS subnets