security group
Availability Zone 2
Internet Gateway IGW3
10.255.255.0/26
10.50.50.10
Check Point R80.10 vSECs
Permissive SG 0.0.0.0/0 Any Permit
WebServer-A-AZ2 10.100.100.20 Public IP: 107.44.84.86 (Temp. Dynamic)
Sec. IP (active member)
security group
Launch Group SG: aa.aaa.aaa.96/29 SSH Permit; 0.0.0.0/0 HTTP Permit; 0.0.0.0/0 HTTPS Permit
Any to Logical Server 10.50.50.20 HTTP/S Permit; Log
CIDR: 10.50.50.0/24
Associated
Route Table
13.59.185.83
route table
10.50.50.0/24 Local
0.0.0.0/0 IGW3
Elastic IP 3
10.50.50.20
18.221.204.34
Elastic IP 4
Topology: 10.50.50.0/24 10.55.55.0/24
Topology: 10.50.50.0/26 Antispoofing: do not inspect 10.50.50.0/26
10.50.50.64/26
eth2(A)
10.50.50.70
Disable Source/Destination Check on ALL Network Interfaces assigned to the vSECs
Topology: 10.50.50.0/24 10.55.55.0/24
eth2 Designated for Non-Transparent Proxy on port 8080
WebServer-B-AZ1 10.100.100.21 Public IP: 107.44.84.85 (Temp. Dynamic)
10.50.50.192/26
10.55.55.64/26
Listeners: Http 80 Http 80 . HTTPS 443 HTTPS 443 Cert
Health Check
Health Check
Availability Zone 2
10.255.255.0/24 pcx
10.100.100.0/24 Local
Route Table
Associated
aa.aaa.aaa.98/32 IGW4
Internet Gateway IGW4
On Every Instance:
export http_proxy=http://10.255.255.140:8080
export https_proxy=https://10.255.255.140:8080
export NO_PROXY=169.254.169.254
AWS Single AZ vSEC Cluster with Multi-AZ peered VPC
Check Point vSEC in Amazon AWS
Vladimir Yakovlev 10/09/2017
10.50.50.71
eth2(B)
10.50.50.72
Sec IP (active member)
eth0(A)
10.50.50.11
eth0(B)
10.50.50.12
Sec. IP (active member)
52.14.133.131
Elastic IP 1
52.15.140.101
Elastic IP 2
eth1(A)
10.50.50.201
eth1(B)
10.50.50.202
A
B
10.50.50.200
Sec IP (active member)
Associated
Availability Zone 1
10.55.55.0/26
10.50.50.0/24 Local
0.0.0.0/0 eth1(A)
Route Table
10.55.55.0/24 pcx
Associated
VPC peering PCX
Classic Internal ELB
VPC-WebTier02 to Cluster01 HTTP/S Proxy; Permit; Extended Log/Session
Cluster01
WebTier02
Internet
router
Default VPC Router created automatically. Interfaces assigned 1st IP of every subnet created in CIDR
10.50.50.1 10.50.50.65 10.50.50.193
router
Default VPC Router created automatically. Interfaces assigned 1st IP of every subnet created in CIDR
10.55.55.1 10.55.55.65
CIDR: 10.55.55.0/24