Firewall Interface Specifications

Check Point Specifications

Cloud Provider | Check Point VM Instance Interfaces | Description | Inbound Security Group Rule |
---|---|---|---|
AWS | eth0 (on subnet -Public-FW-ingress-egress-AZ-a); eth1 (on subnet -dmz-firewall) | Egress or Untrusted Interface (Egress Interface is used as the management interface); LAN or Trusted Interface | Controller version lower than 7.0.1577: Allow ALL from 0.0.0.0/0; Controller version 7.0.1577 and above: TCP 443, TCP 22 |
Azure | eth0 (on subnet -Public-FW-ingress-egress); eth1 (on subnet -dmz-firewall) | Egress or Untrusted Interface; LAN or Trusted Interface | Allow ALL; Allow ALL (do not change) |

FortiGate Specifications

Cloud Provider | FortiGate VM Interfaces | Description | Inbound Security Group Rule |
---|---|---|---|
AWS | eth0 (on subnet -Public-FW-ingress-egress-AZ-a); eth1 (on subnet -dmz-firewall) | Egress or Untrusted Interface; LAN or Trusted Interface | Controller version lower than 7.0.1577: Allow ALL; Controller version 7.0.1577 and higher: TCP 443 is allowed from the Controller's public or private IP |
Azure | eth0 (on subnet -Public-FW-ingress-egress); eth1 (on subnet -dmz-firewall) | Egress or Untrusted Interface; LAN or Trusted Interface | Allow ALL; Allow ALL (do not change) |

Palo Alto Specifications

Palo Alto firewall versions greater than 9.1.3 are not supported in the GCP Transit FireNet configuration.

Cloud Provider | Palo Alto VM Interfaces | Description | Inbound Security Group Rule |
---|---|---|---|
AWS | eth0 (on subnet -Public-FW-ingress-egress-AZ-a); eth1 (on subnet -Public-gateway-and-firewall-mgmt-AZ-a); eth2 (on subnet -dmz-firewall) | Egress or Untrusted Interface; Management Interface; LAN or Trusted Interface | Allow ALL; Controller version lower than 7.0.1577: Allow SSH, HTTPS, ICMP, TCP 3978 |
Azure | eth0 (on subnet -Public-gateway-and-firewall-mgmt); eth1 (on subnet -Public-FW-ingress-egress); eth2 (on subnet -dmz-firewall) | Management Interface; Egress or Untrusted Interface; LAN or Trusted Interface | Allow SSH, HTTPS, ICMP, TCP 3978; Allow ALL; Allow ALL (do not change) |
GCP | nic0; nic1; nic2 | Egress or Untrusted Interface; Management Interface; LAN or Trusted Interface | Allow ALL; Allow SSH, HTTPS, ICMP, TCP 3978; Allow ALL (do not change) |