https://community.checkpoint.com/t5/General-Topics/Cluster-XL-High-Availability-for-two-checkpoint-Appliances-in/m-p/221583#M36950 <P>Good Day Community</P><P>I have not done Cluster XL - High Availability on checkpoint and i have finally met my fate where i have to configure HA for two checkpoint appliances and the complex scenario is that the security gateways are in different rooms which are located within the same building&nbsp; where Data Center Room 1 is the primary room where all active equipment is hosted and Data Center Room 2 is the secondary room. The rooms have their Cisco core switches which i think its through Hot Standby Router Protocol. I am planing to create another VLAN for the sync ports and primary firewall in room 1 will be the active and in rooms 2 it will be passive there are two management servers and I have to do the same where one is primary and the other will be secondary. Currently i only have the primary firewall connected to ISP router in room 1 i am confused of the topology approach can someone please guide me especially for the WAN links the ISP has allocated a /29 network. I will answer question in an attempt to build towards the solution. I hope all makes sense.</P> Mon, 22 Jul 2024 14:39:10 GMT ThabEugS 2024-07-22T14:39:10Z https://community.checkpoint.com/t5/General-Topics/Cluster-XL-High-Availability-for-two-checkpoint-Appliances-in/m-p/221583#M36950 <P>Good Day Community</P><P>I have not done Cluster XL - High Availability on checkpoint and i have finally met my fate where i have to configure HA for two checkpoint appliances and the complex scenario is that the security gateways are in different rooms which are located within the same building&nbsp; where Data Center Room 1 is the primary room where all active equipment is hosted and Data Center Room 2 is the secondary room. The rooms have their Cisco core switches which i think its through Hot Standby Router Protocol. I am planing to create another VLAN for the sync ports and primary firewall in room 1 will be the active and in rooms 2 it will be passive there are two management servers and I have to do the same where one is primary and the other will be secondary. Currently i only have the primary firewall connected to ISP router in room 1 i am confused of the topology approach can someone please guide me especially for the WAN links the ISP has allocated a /29 network. I will answer question in an attempt to build towards the solution. I hope all makes sense.</P> Mon, 22 Jul 2024 14:39:10 GMT https://community.checkpoint.com/t5/General-Topics/Cluster-XL-High-Availability-for-two-checkpoint-Appliances-in/m-p/221583#M36950 ThabEugS 2024-07-22T14:39:10Z https://community.checkpoint.com/t5/General-Topics/Cluster-XL-High-Availability-for-two-checkpoint-Appliances-in/m-p/221593#M36951 <P>You can set one cluster member to be higher priority than the other such that the cluster will prefer to run on that member if it is healthy. I personally wouldn't, since it makes it easier to not notice problems with the other member until it's too late and you need it to work.</P> <P>I would connect both telco routers to the switches so both firewall members have the same visibility of everything. A failure of the core switch would prevent the attached firewall member or telco router from being reached, but a failure of either telco or either firewall member shouldn't necessitate a failover of any other part of the infrastructure.</P> <P>If you need to conserve IP addresses, you can use off-net member IPs so you don't have to burn an address for each member. That is, you can use 2.3.4.5 as a cluster VIP, and 192.168.144.121 and .122 as the member IPs on that interface. This involves adding a local interface route to each member telling it 2.3.4.4/30 (or whatever) is out the interface so the firewall knows to send ARP requests rather than looking for a gateway address.</P> Mon, 22 Jul 2024 15:19:23 GMT https://community.checkpoint.com/t5/General-Topics/Cluster-XL-High-Availability-for-two-checkpoint-Appliances-in/m-p/221593#M36951 Bob_Zimmerman 2024-07-22T15:19:23Z