Traffic Flows in CloudGuard Network for Azure VMSS

Inbound Traffic

Inbound traffic flow:

  1. The request traffic arrives from the Internet to the Web Public IP of the External Load Balancer, on port 80.

  2. The External Load Balancer translates the port 80 to 8081 and forwards the request traffic to a VMSS Gateway instance.

  3. The VMSS Gateway instance:

    1. Inspects the request traffic.

    2. Performs Static NAT on the request traffic.

    3. Forwards the request traffic to the Web Internal Load Balancer.

  4. The Web Internal Load Balancer forwards the request traffic to the Web Server Host.

Inbound Traffic Reply

Inbound traffic reply:

  1. The reply traffic arrives from the Web Server Host to the original VMSS Gateway instance.

  2. The VMSS Gateway instance:

    1. Inspects the reply traffic.

    2. Forwards the reply traffic to the destination on the Internet.

Outbound Traffic

Outbound traffic flow:

  1. The request traffic arrives from the Web Server Host at the Internal Load Balancer in the Check Point deployed solution.

  2. The Internal Load Balancer forwards the request traffic to a VMSS Gateway instance.

  3. The VMSS Gateway instance:

    1. Inspects the request traffic.

    2. Performs Hide NAT on the request traffic.

    3. Sends the request traffic to the Azure route that forwards the connection to the Internet.

Outbound Traffic Reply

Outbound traffic reply:

  1. The reply traffic arrives from the Internet at the original VMSS Gateway instance.

  2. The Check Point Security Gateway instance:

    1. Inspects the reply traffic.

    2. Forwards the reply traffic to the Internal Web Server Host.

East-West Outbound Traffic

East-West outbound traffic flow:

  1. The request traffic arrives from the Web Server Host at the Internal Load Balancer in the Check Point deployed solution.

  2. The Internal Load Balancer forwards the request traffic to a VMSS Gateway instance.

  3. The VMSS Gateway instance:

    1. Inspects the request traffic.

    2. Forwards the request traffic to the Application's Internal Load Balancer of the App Server Host.

  4. The Application's Internal Load Balancer forwards the request traffic to the destination App Server Host.

East-West Outbound Traffic Reply

East-West outbound traffic reply:

  1. The reply traffic arrives from the App Server Host at the Internal Load Balancer in the Check Point deployed solution.

  2. The Internal Load Balancer forwards the reply traffic to the same VMSS Gateway instance that processed the request traffic from the Web Server Host to the App Server Host.

  3. The Check Point Security Gateway instance:

    1. Inspects the reply traffic.

    2. Forwards the reply traffic to the Web Internal Load Balancer of the Web Server Host.

  4. The Web Internal Load Balancer forwards the reply traffic to the destination Web Server Host.

Intra-Subnet Traffic

Traffic travels freely in the subnet without inspection.
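
Because intra-subnet traffic never reaches a VMSS Gateway instance, it helps to know which observed flows fall into that category. The following is an added example, not part of the original page or of Check Point's tooling: it classifies source/destination pairs into the flow types described above and lists the ones that bypass inspection. The subnet names, address ranges and flow records are constructed, and the example assumes that all traffic leaving a subnet is routed through the gateway as the flows above describe.

```python
import ipaddress

# Constructed subnet plan (assumption: the page names no address ranges).
SUBNETS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
}

def subnet_of(ip):
    """Return the name of the protected subnet containing ip, or None (Internet/other)."""
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    return None

def classify(src, dst):
    """Map a (src, dst) pair to one of the flow types described on the page."""
    s, d = subnet_of(src), subnet_of(dst)
    if s is None and d is None:
        return "out-of-scope"
    if s is None:
        return "inbound"        # Internet -> External LB -> gateway: inspected
    if d is None:
        return "outbound"       # host -> Internal LB -> gateway, Hide NAT: inspected
    if s == d:
        return "intra-subnet"   # stays inside the subnet: NOT inspected
    return "east-west"          # host -> Internal LB -> gateway: inspected

def uninspected(flows):
    """Return the flows that never traverse a VMSS Gateway instance."""
    return [f for f in flows if classify(*f) == "intra-subnet"]

# Constructed flow records (src, dst), e.g. taken from flow logs.
FLOWS = [
    ("203.0.113.10", "10.0.1.4"),   # inbound
    ("10.0.1.4", "198.51.100.7"),   # outbound
    ("10.0.1.4", "10.0.2.8"),       # east-west
    ("10.0.1.4", "10.0.1.9"),       # intra-subnet
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>15} -> {dst:<15} {classify(src, dst)}")
    print("Not inspected:", uninspected(FLOWS))
```

Hosts that must not talk to each other without inspection belong in separate subnets, since only traffic that leaves a subnet is forwarded to a gateway instance.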