Deploy a CloudGuard for GCP with Multiple Network Interfaces
Google Cloud Platform (GCP) allows the deployment of instances with multiple network interfaces.
A typical use case consists of a single Check Point Security Gateway that monitors traffic in and out of more than one VPC network.
Refer to Reference Architecture for more information regarding the deployment of Check Point solutions on GCP.
- Up to 8 existing VPC networks.
- At least one subnetwork in the desired region in each of the VPC networks.
- Launch a Check Point CloudGuard IaaS Firewall & Threat Prevention solution on GCP Compute Engine.
- Fill in the desired values in the solution form.
- Expand the Additional Network Interfaces section.
- Select the desired number of additional network interfaces.
- Configure each of the network interfaces:
  - Select the desired VPC network.
  - Select the desired subnetwork within the VPC network.
  - Select the type of external IP address (Static, Ephemeral or None).
- Note: The number of additional network interfaces selected should correspond to the number of network interface configurations specified.
- A GCP instance can have only one network interface per VPC network. Using the same VPC network more than once will cause the deployment to fail.
- A GCP instance can only be assigned to a subnetwork within the same region as the instance.
- When a GCP instance is assigned to multiple subnetworks, each subnetwork must have a unique IP address range.
- The maximum number of network interfaces that can be attached to a GCP instance is 8.
- The first network interface of a GCP instance will be the primary interface (e.g. for load balancing).
- Each network interface requires a vCPU core. Having fewer vCPUs than network interfaces may result in unexpected behavior.
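
A pre-deployment check of a planned interface layout against the limits listed above, as an added example (not Check Point's or Google's code). The function name, the dictionary keys and the sample networks are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

MAX_NICS = 8  # maximum interfaces per GCP instance, as listed above

def validate_nic_plan(instance_region, vcpus, nics):
    """Return the list of rule violations for a planned gateway instance.

    nics is ordered (first entry = primary interface); each entry is a dict
    with the assumed keys 'vpc', 'region' and 'cidr' (the subnetwork range).
    """
    problems = []
    if len(nics) > MAX_NICS:
        problems.append(f"{len(nics)} interfaces exceed the maximum of {MAX_NICS}")
    if vcpus < len(nics):
        problems.append(f"{vcpus} vCPUs for {len(nics)} interfaces; each interface needs one")
    first_use = {}
    for i, nic in enumerate(nics):
        if nic["vpc"] in first_use:
            problems.append(f"nic{i} reuses VPC {nic['vpc']} (already on nic{first_use[nic['vpc']]})")
        else:
            first_use[nic["vpc"]] = i
        if nic["region"] != instance_region:
            problems.append(f"nic{i} subnetwork is in {nic['region']}, instance is in {instance_region}")
    # Every pair of attached subnetworks must have non-overlapping ranges.
    for (i, a), (j, b) in combinations(enumerate(nics), 2):
        if ipaddress.ip_network(a["cidr"]).overlaps(ipaddress.ip_network(b["cidr"])):
            problems.append(f"nic{i} {a['cidr']} overlaps nic{j} {b['cidr']}")
    return problems

# Constructed sample plans (not real networks).
GOOD_PLAN = [
    {"vpc": "mgmt-vpc", "region": "us-east1", "cidr": "10.0.0.0/24"},
    {"vpc": "web-vpc", "region": "us-east1", "cidr": "10.0.1.0/24"},
    {"vpc": "db-vpc", "region": "us-east1", "cidr": "10.0.2.0/24"},
]
BAD_PLAN = [
    {"vpc": "mgmt-vpc", "region": "us-east1", "cidr": "10.0.0.0/24"},
    {"vpc": "web-vpc", "region": "us-east1", "cidr": "10.0.0.128/25"},  # overlaps nic0
    {"vpc": "web-vpc", "region": "us-west1", "cidr": "10.0.2.0/24"},  # VPC reused, wrong region
]

if __name__ == "__main__":
    for name, vcpus, plan in (("good", 4, GOOD_PLAN), ("bad", 2, BAD_PLAN)):
        issues = validate_nic_plan("us-east1", vcpus, plan)
        print(name, "OK" if not issues else issues)
```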