Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Advisor

FULL HA cluster support

Jump to solution

Hello mates,

Question:

Is FULL HA Cluster supported on vmware? This sk60443 says yes.  Installation a Upgrade guide R80.40 says only CP appliances, page 134.

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Admin
Admin

We've updated sk60443 so it is clear this is only supported on physical Check Point appliances.
It is not supported on Open servers or virtualized appliances at all.

View solution in original post

17 Replies
Highlighted
Champion
Champion

You did not read sk60443 correctly: These guidelines apply to all Check Point appliances running on Gaia OS / SecurePlatform OS, as well as Virtual Appliances running vSEC Virtual Edition on Gaia OS
(Note: this article does not apply to vSEC for Amazon Web Services, vSEC for Microsoft Azure, vSEC for Google Cloud Platform, vSEC for VMware NSX, vSEC for VMware vCloud Air, vSEC for Cisco ACI, vSEC for OpenStack).

Historically, this had never been supported on OpenServer at all, only on (also virtual) appliances.

But i would put my answer like this: On VMWare, Full HA Cluster does make no sense at all !

  • Gateway clustering = Cluster XL HA should be used
  • SMS on VM is easily cloned, different ways of backup are possible, so we do not need Management HA in most cases we could think of
  • Full HA is the solution with many features for less money very often giving big trouble 😞
  • So out of long experience, i always have suggested to keep the hands from fool management haha...
Highlighted
Advisor
I read it many times but admin guide says different. It makes sense, the answer is as always money, therefore you have to build FULL HA without separate management. That's it.
0 Kudos
Highlighted
Champion
Champion

Which Admin Guide says differently ? The sk39345 (from 03-Okt-2019) says: 

Additional restrictions for ClusterXL Full High Availability configuration:

  • Supported only between appliances with the identical Operating Systems (cluster requirement).

Again: For me it makes no sense to have two small appliances with NPM licenses in Fool HA configuration - it turned  to be a PITA much too often...

0 Kudos
Highlighted
Admin
Admin
This has only ever been supported on physical Check Point appliances, not VMs.
At least as far as I know.
Clearly the SK needs to be updated if for no other reason than to remove the references to vSEC. 😬
Will ask them to clarify this point and update.
Highlighted
Advisor
PhoneBoy
"Will ask them to clarify this point and update."

please do.

and others stop flame, my question was not about ClusterXL active/passive, but about FULL HA standalone cluster and what is /not supported.
0 Kudos
Highlighted
Champion
Champion

I did not notice any flaming here, neither in mine nor someone elses posts, and at least my posts were about fool mgmt ha only 😎 - can you please elaborate your last sentence ?

0 Kudos
Highlighted
Advisor
Guys, I am not new to CP, I know this solution very well, I don't like it either but the project will be FULL HA standalone setup or different vendor. That's it. I don't need a lection about this solution, I just need correct if it's supported on vmware nothing more.

Thanks

Highlighted
Admin
Admin
Not to fan any flames here, but is the decision to do Full HA a function of cost (i.e. separate management requires another license) versus functionality?
0 Kudos
Highlighted
Leader
Leader

Martin,

we too had this requirements from one of our customers end of last year and answer from local Check Point team was  "It's not supported with VMware" only CheckkPoint appliances.

Wolfgang

Highlighted

There are several ways to install a ClusterXL for R80.30 or R80.40:

Open Server and Appliance:

- sk144293 - Check Point R80.30  or sk160736 - Check Point R80.40

CloudGuard Virtual Edition (VE) OpenStack, KVM, ESXi

sk158292 - CloudGuard for Private Cloud images

CloudGuard for VMware NSX 

sk114518: CloudGuard for NSX

 

More read here:

ClusterXL Installation - OpenServer, Appliance, OpenStack, KVM, ESXi, NSX, AWS, ACI, Azure, Google

Highlighted
Employee+
Employee+

Hi Martin

Where in the SK does it state that VMWare is supported for SA? Couldn't find such a statement - can you please point it out.

Thanks

Uri

0 Kudos
Highlighted
Advisor

the second sentence says:

These guidelines apply to all Check Point appliances running on Gaia OS / SecurePlatform OS,
as well as Virtual Appliances running vSEC Virtual Edition on Gaia OS

 

from how I understand its vSEC=CloudGuard=virtual appliance

0 Kudos
Highlighted
Employee+
Employee+

Thanks Martin

I see - however vSEC is a different product and by definition does not support FULL HA, it is not VMWare ESX

Will ask the SK team to clarify

Highlighted

I am happy to say that based on this feedback sk60443 is now updated. Thanks for bringing this to our attention.

Highlighted
Participant

Quick question.

Is Active-Active Cluster XL FW supported in Full HA Setup in r80.40?

While Management Components still remain active/standby.

0 Kudos
Highlighted
Admin
Admin

We've updated sk60443 so it is clear this is only supported on physical Check Point appliances.
It is not supported on Open servers or virtualized appliances at all.

View solution in original post