https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129811#M23646 <P>They are active/active in the sense they are both available to pass traffic.<BR />However, as mentioned in the other thread, the routing is configured so it's more like active/passive.<BR />I presume it's the script we run to monitor state that is also setting the routing so only one of the gateways is receiving the traffic.</P> Mon, 20 Sep 2021 20:49:55 GMT PhoneBoy 2021-09-20T20:49:55Z https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129659#M23626 <P>I have a geo cluster configured on AWS in Active / Active mode.. however at a time in logs only 1 FW passes traffic.. how is this an Active/Active cluster if at a time only one Cluster member caters to all the traffic ? by design 1 member is in 1 availability zone and the other is in a different availability zone..still traffic initiated from both zones falls on one Firewall ..only when a cluster down command is issued traffic gets transferred to secondary member. Shudnt both members accept traffic from its respective zones ?</P> Fri, 17 Sep 2021 15:00:10 GMT https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129659#M23626 LostBoY 2021-09-17T15:00:10Z https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129688#M23630 <P>Technically both gateways are active and available in an active/active config.<BR />What determines which gateway is handling the traffic? Routing.<BR /><BR />What precise guide(s) did you follow to set this up?</P> Sun, 19 Sep 2021 00:08:05 GMT https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129688#M23630 PhoneBoy 2021-09-19T00:08:05Z https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129750#M23638 <P>i followed the following&nbsp;</P><P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ClusterXL_AdminGuide/Topics-CXLG/Active-Active-Mode.htm#:~:text=The%20IP%20addresses%20of%20the,not%20balanced%20between%20the%20members." target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ClusterXL_AdminGuide/Topics-CXLG/Active-Active-Mode.htm#:~:text=The%20IP%20addresses%20of%20the,not%20balanced%20between%20the%20members.</A></P><P>i used cloudformation cross availability zone template to deploy this.. there are 2 external and 2 private subnets for this cluster..i looked into the routing and i can see..under vpc routing of both private subnets there is a default route pointing towards private interface of Firewall 1..so this is why all traffic goes to FW1..these routes in both private subnets were created automatically ..even if i try to modify subnet 2 routing ..it reverts back to point to FW1 automatically..</P><P>just wondering..does active-active in this geo cluster means FW is active for both zones ? hence active active&nbsp; ?</P> Mon, 20 Sep 2021 07:52:55 GMT https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129750#M23638 LostBoY 2021-09-20T07:52:55Z https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129811#M23646 <P>They are active/active in the sense they are both available to pass traffic.<BR />However, as mentioned in the other thread, the routing is configured so it's more like active/passive.<BR />I presume it's the script we run to monitor state that is also setting the routing so only one of the gateways is receiving the traffic.</P> Mon, 20 Sep 2021 20:49:55 GMT https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129811#M23646 PhoneBoy 2021-09-20T20:49:55Z https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129825#M23647 <P>i guess this is the most apt explanation as private subnet default routing is auto defined .. thanks for your help</P> Tue, 21 Sep 2021 08:49:33 GMT https://community.checkpoint.com/t5/General-Topics/Active-Active-Cloudguard-AWS/m-p/129825#M23647 LostBoY 2021-09-21T08:49:33Z