Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sanjay_S
Advisor

Cluster Member Status

Hi All,

We have 4 cluster members, can we make the cluster member status as Active, Standby, Backup, Backup? Is this achievable?

Regards,

Sanjay S

0 Kudos
12 Replies
genisis__
Leader Leader
Leader

Not dealt with many clusters with more then two nodes, but using ClusterXL I believe the states are Active/Standby only.  In order to define the failover order you would then set the priority order in SmartConsole > Cluster Object > Cluster Members

Capture.PNG

 

 

the_rock
Legend
Legend

Im 99.99% sure its ONLY active/standby, but maybe someone from R&D can confirm 100% : )

0 Kudos
genisis__
Leader Leader
Leader

I believe Active/Standby/Backup applied to VSX and perhaps VRRP.

0 Kudos
PhoneBoy
Admin
Admin

Applies to VSX only.
VRRP is just specific priorities (highest one is active).

I think a more important question is: why?
What is it you’re trying to achieve with a four member cluster?
Surely it’s possible to do, but it seems like an awful lot of excess hardware for only a minimal gain in redundancy.
And if what you’re trying to do is a four member cluster across two sites, there are a lot of other issues you need to address.

0 Kudos
Sanjay_S
Advisor

Hi PhoneBoy,

We have 2 sites and placing 2 firewalls in each location and clustering all 4 of them. We need to prefer the 1st site to be active and only when both the firewalls in 1st has issues then the traffic should fail to 2nd site.

0 Kudos
genisis__
Leader Leader
Leader

This does sounds like my original suggestion of priorities, assuming standard gateway cluster.

0 Kudos
PhoneBoy
Admin
Admin

Remember that clustering assumes there are multiple shared Layer 2 segments between all the gateways with the same IP address space, particularly on the Internet side of the equation.
Between sites, this is rarely the case. 
You need a clear picture of the entire network to understand what all the various traffic flows are and what it will actually take for a failover to occur.
Most likely, a four node cluster is NOT the solution in this case.

0 Kudos
genisis__
Leader Leader
Leader

I agree, and in fact we are going to two of the gateways from the cluster as there is no benefit.  I would just have the servers sitting in the rack as cold standbys if anything.

As Vlad has rightly said below, it would be better to have two separate HA cluster, at least you would then have utilisation of two of the nodes.

0 Kudos
Vladimir
Champion
Champion

For the love of everything, do not do it 🙂  IMHO, better to invest time in the configuration of the routing failover between sites and have an HA cluster in each site.

 

Lari_Luoma
Ambassador Ambassador
Ambassador

With VSLS yes, in SGW mode no.

Lari_Luoma
Ambassador Ambassador
Ambassador

To complement PhoneBoy’s answer there is a clustering solution that could work in this case. It’s Check Point Maestro. With Maestro you can have several gateways active on one site and standby on another.

0 Kudos
genisis__
Leader Leader
Leader

I was thinking about that as well, but ultimately it may not be a cost viable solution, but its certainly a good option, technically.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events