https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182829#M33533 <P>A gateway, whether or not it’s a cluster, will use the last successfully installed policy UNLESS you don’t have a valid license.<BR />Clustering works on the same principle: it’s generally unaffected by the management not being available.<BR />Two notable exceptions:</P> <UL> <LI>Logs will be stored in the relevant gateway until the management or log server comes back online.</LI> <LI>If you are doing any VPNs using certificate-based authentication with the Internal CA, expect these VPNs to fail after about 24 hours as the CRL points to the management server.</LI> </UL> Thu, 01 Jun 2023 00:31:12 GMT PhoneBoy 2023-06-01T00:31:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182704#M33505 <P><SPAN>I have a couple of questions that need answering:</SPAN></P><P><SPAN>So if the 6600 cluster firewalls aren't able to reach the management server on the other datacentre. What will happen will they still be able to route traffic and essentially just become a router without cluster configuration and Firewall policy? I pushed the policy when I was building the Firewall's for the policy that will be used, so if the management&nbsp;server isn't contactable will this policy still be active and usable?</SPAN></P><P><SPAN>Another scenario; if we are able to get the Firewall to communicate to the management server so that it can install all the policy and form the cluster. If the server was to go down for some unknown reason what will happen to the HA cluster, will the cluster not be formed anymore? Will the Firewall's not be able to transit data? What would be the impact of that scenario? Or would live traffic not be affected?</SPAN></P><P>Jim</P> Wed, 31 May 2023 14:32:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182704#M33505 ZakMeadows 2023-05-31T14:32:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182829#M33533 <P>A gateway, whether or not it’s a cluster, will use the last successfully installed policy UNLESS you don’t have a valid license.<BR />Clustering works on the same principle: it’s generally unaffected by the management not being available.<BR />Two notable exceptions:</P> <UL> <LI>Logs will be stored in the relevant gateway until the management or log server comes back online.</LI> <LI>If you are doing any VPNs using certificate-based authentication with the Internal CA, expect these VPNs to fail after about 24 hours as the CRL points to the management server.</LI> </UL> Thu, 01 Jun 2023 00:31:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182829#M33533 PhoneBoy 2023-06-01T00:31:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182839#M33539 <P>To answer your other question about Firewall HA.</P><P>If one of the FW is down, the other member will take over, that is the reason of HA and live traffic will be not affected unless both devices are down.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 01 Jun 2023 01:36:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182839#M33539 just13pro 2023-06-01T01:36:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182874#M33546 <P>Hi,</P><P>&nbsp;</P><P>I am asking if the Management server was to goes down, will this affect anything to do with how the cluster acts?</P><P>&nbsp;</P><P>Kind Regards,<BR />Zak</P> Thu, 01 Jun 2023 08:37:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182874#M33546 ZakMeadows 2023-06-01T08:37:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182875#M33547 <P>Nope, it will not</P> Thu, 01 Jun 2023 08:39:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-behaviour/m-p/182875#M33547 just13pro 2023-06-01T08:39:33Z