https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-Failover/m-p/93718#M7283 <P>Hi,</P><P>&nbsp;</P><P>We will be having a cluster deployment (mode not decided yet) but the setup is that going to internal we will be connected on a L2 switch on stacked deployment but the catch here is that there are no mesh connections, only Cluster Member 1 going to SW1 and Cluster Member 2 going to SW2.</P><P>We suggest doing a mesh connectivity but we are already out of SFP Ports to use. Given the scenario:</P><P>1. If the SW1/SW2 appliance fails meaning no traffic is being fed to Cluster Member 1 or 2 does cluster failover occurs?</P><P>2. If only a single interface on either SW1/SW2 going to the Cluster Member's fails&nbsp;meaning no traffic is being fed to Cluster Member 1 or 2 on that specific peer interface from SW1/SW2, does cluster failover occurs?</P><P>3. Since the SW1 and SW2 are configured as stacked with no mesh connectivity going on to the Cluster Members, what is the best approach in terms of what Cluster Deployment (High Availability or Load Sharing) is advisable? Pros and Cons of either deployment to the given scenario.</P><P>&nbsp;</P><P>Thanks</P> Sun, 09 Aug 2020 15:30:45 GMT Heisenberg 2020-08-09T15:30:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-Failover/m-p/93718#M7283 <P>Hi,</P><P>&nbsp;</P><P>We will be having a cluster deployment (mode not decided yet) but the setup is that going to internal we will be connected on a L2 switch on stacked deployment but the catch here is that there are no mesh connections, only Cluster Member 1 going to SW1 and Cluster Member 2 going to SW2.</P><P>We suggest doing a mesh connectivity but we are already out of SFP Ports to use. Given the scenario:</P><P>1. If the SW1/SW2 appliance fails meaning no traffic is being fed to Cluster Member 1 or 2 does cluster failover occurs?</P><P>2. If only a single interface on either SW1/SW2 going to the Cluster Member's fails&nbsp;meaning no traffic is being fed to Cluster Member 1 or 2 on that specific peer interface from SW1/SW2, does cluster failover occurs?</P><P>3. Since the SW1 and SW2 are configured as stacked with no mesh connectivity going on to the Cluster Members, what is the best approach in terms of what Cluster Deployment (High Availability or Load Sharing) is advisable? Pros and Cons of either deployment to the given scenario.</P><P>&nbsp;</P><P>Thanks</P> Sun, 09 Aug 2020 15:30:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-Failover/m-p/93718#M7283 Heisenberg 2020-08-09T15:30:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-Failover/m-p/93719#M7284 <P>Use a HA bond (LACP) interface for&nbsp; fully meshed redundancy.</P> <P>The bonding<SPAN>&nbsp;</SPAN><SPAN class="Vars_BladesFeaturestp_ha">High Availability</SPAN><SPAN>&nbsp;</SPAN>mode, when deployed with<SPAN>&nbsp;</SPAN><SPAN class="Vars_BladesFeaturestp_cxl">ClusterXL</SPAN>, enables a higher level of reliability by providing granular redundancy in the network. This granular redundancy is achieved by using a fully meshed topology, which provides for independent backups for both NICs and switches.</P> <P>A fully meshed topology further enhances the redundancy in the system by providing a backup to both the interface and the switch, essentially backing up the cable. Each<SPAN>&nbsp;cl</SPAN><SPAN class="Vars_BladesFeaturestp_clmb">uster member</SPAN><SPAN>&nbsp;</SPAN>has two external interfaces, one connected to each switch.<BR /><BR /></P> <P>More here:&nbsp;<A href="https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ClusterXL_AdminGuide/Content/Topics-CXLG/Bond-HA-in-Cluster-Fully-Meshed-Redundancy.htm?tocpath=Advanced%20Features%20and%20Procedures%7CWorking%20with%20Bond%20Interfaces%20in%20Cluster%7CBond%20High%20Availability%20Mode%20in%20Cluster%7C_____2" target="_self">Bond HA in Cluster Fully Meshed Redundancy</A>&nbsp;&nbsp;</P> Sun, 09 Aug 2020 18:02:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-Failover/m-p/93719#M7284 HeikoAnkenbrand 2020-08-09T18:02:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-Failover/m-p/93780#M7285 <P>Hi HeikoAnkenbrand,</P><P>&nbsp;</P><P>Can you explain what possible scenarios/downside that will happen to the network flow if given that the setup will not be using fully meshed topology.&nbsp;</P> Mon, 10 Aug 2020 16:01:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Cluster-Failover/m-p/93780#M7285 Heisenberg 2020-08-10T16:01:46Z