cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Tags (1)
1 Solution

Accepted Solutions
Admin
Admin

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

We call Active/Active configurations Load Sharing whereas Active/Passive configurations are High Availability. 

Load Sharing configurations are not currently supported with IPv6.

9 Replies
Admin
Admin

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

We call Active/Active configurations Load Sharing whereas Active/Passive configurations are High Availability. 

Load Sharing configurations are not currently supported with IPv6.

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

Hi,

Ok. then IPv6 cluster support in Active/Passive mode.?

0 Kudos
Admin
Admin

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

Correct.

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

Hi Daemon,

Will IPv6 for load sharing be supported in the near future?

0 Kudos

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

I did not hear about such plans, although I am not Dameon Welch-Abernathy🙂

Admin
Admin

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

FWIW, R80.20 doesn't support Load Sharing for IPv4 either.

I'm guessing this is related to the changes made to SecureXL in R80.20.

We do plan to add this back for IPv4 in the near future, not sure about IPv6.

Meanwhile, there does appear to be a customer release for this feature.

You will need to engage with your Check Point office for more information.

0 Kudos

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

I personally do not think LS on physical clusters should be maintained any longer. It is enormously complex solution which brings way too many limitations to be viable these days. 

Just a couple if examples:

1. In Unicast LS mode, with two members, pivot takes care of 30% and forwards other 70% to another member. In terms of bandwidth it means you lose up to 40% of wire speed against HA, just because of sending the same packet twice. 

2. With Multicas mode, Decision Function and Flask&Ack sync mean more latency and potential degradation of PPS against a regular HA, especially if you add more cluster members. Not even talking about acceleration drawbacks.

LS only made sense with slow FW inspection and low speed interfaces. Neither is the case today.

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

We are migrating our network from IPv4 to IPv6, currently have a two member ClusterXL in LS multicast, need to change to HA due to this IPv6 limitation. What would be the best approach to perform this change with minimal downtime, do you know if there is any procedure to perform such change?

Regards.

0 Kudos

Re: Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Jump to solution

Change cluster object properties and install policy. No downtime

0 Kudos