Create a Post
Mo_Am
Participant

Vsec Cluster in a Private Cloud

Jump to solution

Hello,

We are using a private cloud which is based on Openstack. I wanted to know about the procedure of setting up a Vsec Cluster and if it is same with Azure or not? ... Please help how to proceed.

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

We do have unicast sync, but I guess that's only for public cloud versions at the moment (e.g. AWS, Azure).

Lack of ClusterXL support for OpenStack is mentioned in the limitations of the vSEC for OpenStack R80.10 Administration Guide.

That means: no clustering at the moment.

Unicast sync is planned for R80.20, which would allow this to work.

View solution in original post

8 Replies
PhoneBoy
Admin
Admin

To the best of my knowledge, setting up a cluster in OpenStack is the same as for physical gateways or in VMware in Network Mode (not with NSX).

ClusterXL R80.10 (Part of Check Point Infinity) Administration Guide 

0 Kudos
Mo_Am
Participant

Hi Daemon,

Thanks for your answer. Does it use multicasting or broadcasting for the state synchronization?... There is a limitation in cloud which does not allow to do it and we should find another way to sync the nodes.

PhoneBoy
Admin
Admin

We do have unicast sync, but I guess that's only for public cloud versions at the moment (e.g. AWS, Azure).

Lack of ClusterXL support for OpenStack is mentioned in the limitations of the vSEC for OpenStack R80.10 Administration Guide.

That means: no clustering at the moment.

Unicast sync is planned for R80.20, which would allow this to work.

View solution in original post

Mo_Am
Participant

Ah. Thanks for this useful information. Is there any update when we will have the R80.20? We really need this Unicast Sync.

0 Kudos
PhoneBoy
Admin
Admin

Timelines for the release of R80.20 are not finalized, but you are welcome to use the public EA.

That said, I'm not sure if this feature is present in the current public EA or not.

Re: Check Point R80.20 Production and Public EA

Herold
Contributor

Hi, 

Is there any limitation with for vSec HA clusters on R80.30 for :

1- VMware ESX private cloud

2- IBM Cloud

Thanks,

Herold

 

 

 

0 Kudos
Nick_Schneider
Explorer

I am trying to deploy a cluster of gateways on that are in vmware and am unable to get them to cluster correctly. This is on R80.30 so I am thinking they have nothing on this yet.  Cany anyone confirm this?

 

0 Kudos
Maarten_Sjouw
Champion
Champion

Nick,

 

You need to make sure all port security on the FW interfaces is turned off. If you do not, it for sure will not work.

Regards, Maarten
0 Kudos