LostBoY
Advisor

Active Active Cloudguard AWS

I have a geo cluster configured on AWS in Active/Active mode. However, at any given time the logs show only 1 FW passing traffic. How is this an Active/Active cluster if at a time only one cluster member caters to all the traffic? By design, 1 member is in 1 availability zone and the other is in a different availability zone. Still, traffic initiated from both zones falls on one firewall. Only when a cluster down command is issued does traffic get transferred to the secondary member. Shouldn't both members accept traffic from their respective zones?

PhoneBoy
Admin

Technically both gateways are active and available in an active/active config.
What determines which gateway is handling the traffic? Routing.

What precise guide(s) did you follow to set this up?

LostBoY
Advisor

I followed the following:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ClusterXL_AdminGuide/Topics-CXLG/A...

I used the CloudFormation cross availability zone template to deploy this. There are 2 external and 2 private subnets for this cluster. I looked into the routing and I can see that under the VPC routing of both private subnets there is a default route pointing towards the private interface of Firewall 1, so this is why all traffic goes to FW1. These routes in both private subnets were created automatically. Even if I try to modify the subnet 2 routing, it reverts back to point to FW1 automatically.

Just wondering: does active-active in this geo cluster mean the FW is active for both zones, hence active active?

PhoneBoy
Admin

They are active/active in the sense they are both available to pass traffic.
However, as mentioned in the other thread, the routing is configured so it's more like active/passive.
I presume it's the script we run to monitor state that is also setting the routing so only one of the gateways is receiving the traffic.

LostBoY
Advisor

I guess this is the most apt explanation, as the private subnet default routing is auto-defined. Thanks for your help.

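One way to confirm from the AWS side which member the private subnets route to, as an added example that is not part of the original thread or Check Point's own tooling. It reads a constructed sample shaped like `aws ec2 describe-route-tables` output; the subnet, route table and interface IDs and the `MEMBER_ENIS` mapping are assumptions.

```python
# Constructed sample in the shape returned by `aws ec2 describe-route-tables`.
# All IDs below are made up for illustration.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-private-a",
     "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0",
                 "NetworkInterfaceId": "eni-fw1-private"}]},
    {"RouteTableId": "rtb-private-b",
     "Associations": [{"SubnetId": "subnet-private-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0",
                 "NetworkInterfaceId": "eni-fw1-private"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public-a"}, {"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]}
# Hypothetical mapping of cluster members to their private-side interface IDs.
MEMBER_ENIS = {"FW1": "eni-fw1-private", "FW2": "eni-fw2-private"}


def default_route_targets(response):
    """Map each explicitly associated subnet to the target of its 0.0.0.0/0 route."""
    targets = {}
    for table in response.get("RouteTables", []):
        target = None
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                target = route.get("NetworkInterfaceId") or route.get("GatewayId")
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):  # the main-table association has no SubnetId
                targets[assoc["SubnetId"]] = target
    return targets


def traffic_share(targets, member_enis):
    """Group subnets under the cluster member whose interface is their default next hop."""
    eni_to_member = {eni: name for name, eni in member_enis.items()}
    share = {name: [] for name in member_enis}
    for subnet, target in sorted(targets.items()):
        if target in eni_to_member:  # skip subnets routed to an IGW or elsewhere
            share[eni_to_member[target]].append(subnet)
    return share


def members_receiving_traffic(share):
    """Members that are the default next hop for at least one subnet."""
    return [name for name, subnets in share.items() if subnets]


if __name__ == "__main__":
    share = traffic_share(default_route_targets(SAMPLE), MEMBER_ENIS)
    print(share, "->", members_receiving_traffic(share))
```

With the routes described in the thread, both private subnets group under one member, which is why the logs show a single firewall passing traffic.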
