Azure VNet peering is a feature available in Azure that allows customers to interconnect virtual networks in the same region.
With VNet peering, a user defined route used in one virtual network can point to a virtual machine in a peered virtual network. Using this approach one can create a hub-and-spoke environment where a Check Point Security gateway resides in a hub virtual network and inspects traffic originating in another virtual network before it is forwarded to a third virtual network.
For more information, refer to the following Microsoft articles:
Clustering and VNET peering
A User Defined route in one virtual network (VNET A) can point to the active member of a Check Point cluster residing in a cluster virtual network (Cluster VNET). During a cluster failover, the promoted cluster member will automatically modify this route.
To enable this functionality, the service principal used by the cluster should have the following permissions:
- Read access on VNET A.
- Read/Write access on the route tables used in VNET A.
Notes:
- This clustering feature is available starting from version 77.30.8028123.
- The peered virtual networks can belong to different subscriptions, as long as the two subscriptions are under the same Azure tenant.
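One way to grant the cluster's service principal exactly the two permissions listed above, as an added example that is not part of the original article or of Check Point's own deployment scripts: the built-in Reader role is assigned on VNET A itself, and a custom role limited to route-table operations is assigned per route table rather than on the whole resource group. The subscription id, resource group, VNET, route table and application names are placeholders, and the action set in the custom role is assumed to be sufficient for the route update performed at failover.

```powershell
# Placeholders for the environment (assumed names, replace with your own).
$SubscriptionId = "<subscription-id-of-VNET-A>"   # may differ from the cluster's subscription (same tenant)
$ResourceGroup  = "<resource-group-of-VNET-A>"
$VnetName       = "<VNET-A>"
$RouteTableName = "<route-table-used-by-VNET-A-subnets>"
$ClusterAppId   = "<application-id-of-cluster-service-principal>"

$VnetScope  = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Network/virtualNetworks/$VnetName"
$RtScope    = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Network/routeTables/$RouteTableName"

# Custom role: read and write on route tables only, nothing else in the subscription.
# AssignableScopes must include VNET A's subscription, which matters in the cross-subscription case.
$RoleDefinition = @"
{
  "Name": "Check Point Cluster Route Updater (example)",
  "Description": "Read/write on route tables so the active cluster member can repoint UDRs at failover.",
  "Actions": [
    "Microsoft.Network/routeTables/read",
    "Microsoft.Network/routeTables/write",
    "Microsoft.Network/routeTables/routes/read",
    "Microsoft.Network/routeTables/routes/write"
  ],
  "NotActions": [],
  "AssignableScopes": [ "/subscriptions/$SubscriptionId" ]
}
"@
$RoleFile = Join-Path $env:TEMP "cp-cluster-route-updater.json"
Set-Content -Path $RoleFile -Value $RoleDefinition
New-AzRoleDefinition -InputFile $RoleFile

# 1. Read access on VNET A: built-in Reader, scoped to the VNET resource only.
New-AzRoleAssignment -ApplicationId $ClusterAppId -RoleDefinitionName "Reader" -Scope $VnetScope

# 2. Read/Write on the route table: the custom role, scoped to that one route table.
#    Repeat this assignment for every route table used by VNET A subnets.
New-AzRoleAssignment -ApplicationId $ClusterAppId `
    -RoleDefinitionName "Check Point Cluster Route Updater (example)" -Scope $RtScope

# Verify what the service principal can actually do on the route table.
Get-AzRoleAssignment -Scope $RtScope | Where-Object { $_.ObjectType -eq "ServicePrincipal" } |
    Select-Object DisplayName, RoleDefinitionName, Scope
```

Run this as an identity that holds Owner or User Access Administrator on VNET A's subscription; the cluster's service principal itself needs none of those rights.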