This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
MVP Gold
MVP Gold
Tuesday

ClusterXL vs. ElasticXL

In the past few weeks, I’ve worked on several projects where I had to decide whether to continue using ClusterXL or switch to ElasticXL.

That’s why I keep asking myself: what is the ideal choice to use at the moment?

What are your experiences, and which path are you choosing?


ClusterXL 
R82 ClusterXL Administration Guide - ClusterXL Modes
Advantages Disadvantages
Mature and proven technology – ClusterXL has been around for many versions and is well-documented. Limited scalability: Sync overhead grows with the number of cluster members, especially in Load Sharing mode.
Supports both High Availability (HA) and Load Sharing (Active/Active) modes. IPv6 limitations: Historically limited in Load Sharing mode.
HA mode provides simple redundancy: one active member and one standby, ideal for traditional failover setups. Less future-oriented: Not designed for dynamic scaling or on-the-fly resource expansion.
Load Sharing mode allows multiple members to process traffic simultaneously, increasing throughput.  
Extensive field experience – well-understood by admins and supported by many best practices.  
VSX support  

 


ElasticXL
R82 Scalable Platforms Administration Guide - Working with ElasticXL Cluster
Advantages Disadvantages
Modern architecture: Introduced in Check Point R82 as a next-generation clustering model. New technology: Still relatively new, so there’s less real-world experience and potential early-stage issues.
Single Management Object (SMO): The cluster is managed as one unified gateway object, simplifying administration. Feature limitations: Some traditional modes (like “Traditional VSX”) are not yet supported.
Simplified scalability: Members can be added or removed on the fly, cloning configuration and software automatically from the SMO. Migration effort: Moving from ClusterXL to ElasticXL requires planning and possibly new tools or workflows. 
The conversion tool from VSX to VSNext will be released later.
Dual-site support: Enables deployment across two physical locations. Operational learning curve: ElasticXL introduces new management and deployment concepts that differ from classic clusters.
Improved flexibility and scaling: Designed for elastic, cloud-like environments with dynamic growth.  
VSNext support  

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
(1)
9 Replies
the_rock
MVP Gold
MVP Gold
Tuesday

Thanks for that Heiko, super helpful.

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
Tuesday

FWIW, from chatgpt:

 

Key Differences / Trade‑Offs

Here are important comparisons you’ll want to evaluate:

Feature ClusterXL ElasticXL
Architecture & management Traditional clustering: configure each member, cluster object in SmartConsole, manual sync of config/state. sc1.checkpoint.com+1 New style: cluster acts as one object (SMO), simpler member onboarding, automatic sync of config/software. Check Point CheckMates+1
Max cluster size / scalability Up to 5 members in load sharing mode (but performance drops over ~4) according to R81.10 guide. sc1.checkpoint.com+1 Up to 3 members per site (and up to 6 in total across a dual‑site) in current ElasticXL design. Check Point CheckMates+1
Modes supported HA (Active/Standby) and Load Sharing (Active/Active) natively. Fir3net+1 Primarily designed for “load‑sharing pivot/unicast” mode; for HA you can run 2 nodes but the architecture assumptions are slightly different. Check Point CheckMates+1
Member onboarding / operations More manual: each node must be configured, synced, managed individually. Much more streamlined: add member, gets config from SMO, fewer manual steps.
Feature maturity / support Very mature, many field deployments, well documented. Newer: fewer field references, some features may be limited or not yet fully hardened in all use‑cases. One user comment: “I wouldn’t advise moving to R82 unless you have a feature you specifically need.” Reddit
Use case fit Works very well in environments where you need HA or up to moderate scale load‑sharing and you want proven stability. Better fit when you need higher scale, easier operations, plan for growth, or active/active clusters with multiple nodes.
Downside / caveats May require more manual configuration; performance limitations when scaling; older architecture. Because it’s newer, some corner‑cases might still have less field maturity; may not yet support all ClusterXL use‑cases or third‑party integrations. E.g., one forum post: “ElasticXL is not intended to replace the classic ClusterXL at this point” and “there are certain clustering situations which ElasticXL will probably never be able to handle”.
Best,
Andy
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
Tuesday

ElasticXL actually isn't all that new. It's mostly a combination of technologies which have existed for years. It's still mostly ClusterXL (managed and inspected with all the same commands, just a new HA-over-LS traffic distribution mode), the members use VMACs, and the configuration stuff is mostly just a cloning group. There is some new stuff, but less than it seems.

0 Kudos
PhoneBoy
Admin
Admin
Tuesday

Nice work.
A couple of additions:

  • ElasticXL has API support (Gaia API) for adding/removing cluster members.
  • From a licensing perspective, ElasticXL requires less management licenses (for the SMO only, whereas a traditional cluster requires one for each gateway). A potential con is with -HA gateway SKUs, which only work with ClusterXL.
  • The new 3900s cannot use ElasticXL currently (not sure why). 

 

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
Tuesday
In response to PhoneBoy

@PhoneBoy wrote:
  • From a licensing perspective, ElasticXL requires less (for the SMO only, whereas a traditional cluster requires one for each gateway).

Important note! This is about management licenses. You still have to have a gateway license for each member of an ElasticXL cluster, but since the whole cluster appears to the management as a single firewall, the whole cluster only consumes one management license.

0 Kudos
PhoneBoy
Admin
Admin
Tuesday
In response to Bob_Zimmerman

Thanks for clarifying that, I'll fix that in the original. 

0 Kudos
HeikoAnkenbrand
MVP Gold
MVP Gold
yesterday
In response to PhoneBoy

Hi @PhoneBoy,

Since I’ve seen this question come up several times in the forum, I decided to write a Maestro licensing article:
Maestro Licensing

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
HeikoAnkenbrand
MVP Gold
MVP Gold
yesterday
In response to PhoneBoy

@PhoneBoy 

As far as I know, the 39xx appliances have ARM-based CPUs, and therefore not all software features have been implemented yet

PRJ-611 43 To manage 3900 appliances:
  1. The Management Server must run the R82 Jumbo Hotfix Accumulator, Take 19 or higher.
  2. You must use R82 SmartConsole, Build 1053 or higher.
-

By design, the 3900 appliances do not support the Standalone configuration.
PMTR-114921

The 3900 appliances do not support the ElasticXL configuration.
PMTR-106079,
PMTR-114923

The 3900 appliances do not support the Maestro configuration.
PMTR-114894

The 3900 appliances do not support the VSNext mode.
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Alex-
MVP Silver
MVP Silver
Tuesday

For new deployments, we try to go with ElasticXL/VSNext as much as possible, this is where the development will be for years to come and better get used with the new tech as soon as possible in real-world situations.

This being said, we have customers who insist on deploying proven technologies because all the changes are too much at the same time when you add features like UPPAK, P/E cores and so on.

Obviously, a migration tool would greatly help with the technological adoption, we seldom have the opportunity to completely tear down and recreate production clusters.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events