Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

How to configure gateway failover if interface goes down

Jump to solution

Standalone Full HA deployment currently running 80.10 but soon to be upgraded to 80.30 before the gateways are deployed into Production.

Looking to find out how to configure the gateways to failover to the backup gateway if the following conditions occur:

1.  WAN or LAN interface go down

2.  If the WAN or LAN interface remain up but a switch or upstream/downstream device fails which effectively result in the gateway being able to access the internet or internal network; the gateway fails over to the backup

Thanks 

0 Kudos
1 Solution

Accepted Solutions
Highlighted
1 works by default on cluster interfaces.
2 is not possible, there is no tracking to see if a nexthop or beyond is available or not.
Regards, Maarten

View solution in original post

0 Kudos
4 Replies
Highlighted
1 works by default on cluster interfaces.
2 is not possible, there is no tracking to see if a nexthop or beyond is available or not.
Regards, Maarten

View solution in original post

0 Kudos
Highlighted

Thanks for the response.

Can I just clarify where you said there is no tracking mechanism, that you're referring to both 80.10 and 80.30 and not just 80.10 which I'm running now?

0 Kudos
Highlighted
Tracking is, to my knowledge, not on the scope of Check Point.
I have not heard of any plans or requests on implementation of tracking.
Regards, Maarten
0 Kudos
Highlighted

My 2 cents regarding point 2: Any important up- or downstream device that is not directly connected to the firewall should itself be clustered. Also, since both nodes are connected to the same vlans, a failure further up- or downstream cant be solved by switching to the backup member.

In my experience distributed setups generally work better than standalone full HA deployments, have you consided migrating the management to a seperate server?

Edit: I've found a way to implement this using sk35780 and the clusterXL_monitor_ips script

0 Kudos