https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-Load-Sharing-Limitations-with-Threat-Extraction/m-p/37302#M13651 <HTML><HEAD></HEAD><BODY><P>This is listed in the&nbsp;product documentation as not supported.</P><P>Specifically:&nbsp;<A class="link-titled" href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/html_frameset.htm">Threat Prevention R80.10 (Part of Check Point Infinity)</A>&nbsp;under the heading "Configuring Threat Extraction in a Cluster".</P><P>A single gateway needs to receive all the traffic related to the document transfer to ensure all potentially unsafe elements can be removed.</P><P>This also applies to many other Threat Prevention capabilities as well unless "Chain Forwarding" is enabled (which reduces overall performance).</P><P>See also:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32403" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32403">Security features do not work in Asymmetric Routing scenario</A>&nbsp;</P></BODY></HTML> Mon, 09 Jul 2018 05:42:07 GMT PhoneBoy 2018-07-09T05:42:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-Load-Sharing-Limitations-with-Threat-Extraction/m-p/37301#M13650 <HTML><HEAD></HEAD><BODY><P>Hi all, i've been configuring a ClusterXL in Load Sharing Unicast Mode but i have a issue. ClusterXL cannot work with Threat Extraction in load sharing unicast mode "The message said that Threat Extraction only Work with ClusterXL HA mode (Active/Standby), if anyone know about this please help.</P><P></P><P>Regards,</P></BODY></HTML> Mon, 09 Jul 2018 01:52:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-Load-Sharing-Limitations-with-Threat-Extraction/m-p/37301#M13650 Wing_Chow 2018-07-09T01:52:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-Load-Sharing-Limitations-with-Threat-Extraction/m-p/37302#M13651 <HTML><HEAD></HEAD><BODY><P>This is listed in the&nbsp;product documentation as not supported.</P><P>Specifically:&nbsp;<A class="link-titled" href="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/html_frameset.htm" title="https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/html_frameset.htm">Threat Prevention R80.10 (Part of Check Point Infinity)</A>&nbsp;under the heading "Configuring Threat Extraction in a Cluster".</P><P>A single gateway needs to receive all the traffic related to the document transfer to ensure all potentially unsafe elements can be removed.</P><P>This also applies to many other Threat Prevention capabilities as well unless "Chain Forwarding" is enabled (which reduces overall performance).</P><P>See also:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32403" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32403">Security features do not work in Asymmetric Routing scenario</A>&nbsp;</P></BODY></HTML> Mon, 09 Jul 2018 05:42:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/ClusterXL-Load-Sharing-Limitations-with-Threat-Extraction/m-p/37302#M13651 PhoneBoy 2018-07-09T05:42:07Z