External check to determine active/standby state of cluster members?
Background: We use Google Cloud Global HTTP(S) load balancers in front of a CheckPoint CloudGuard HA cluster to handle SSL termination and give each service a different external IP address. The CheckPoint cluster members are the load balancer's backend and we're left with a fundamental problem:
- The load balancer does a basic TCP check on port 443 to detect a down member.
- Since both members pass the check regardless of active/standby state, the traffic is distributed 50/50 assuming both are up.
- The max NAT sessions are 16384/66, which obviously is 99/1, not 50/50.
That NAT issue is described here and I still don't have a fix for it. So I'm thinking if I can somehow just get the traffic to go 100/0, this fixes the issue.
Is there a way to externally check the active/standby status? Perhaps there's a service that runs only on the active and is shut down when it goes standby?