This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jcisneros
Participant
Thursday
Jump to solution

Elastic XL

I am creating an ElasticXL cluster. My question is: which interfaces need to be connected between the gateways? Only the SYNC interface, or which ones?

And what do I need to configure on the second member? Is it enough to just have the SYNC interface connected and that’s it? Will it appear automatically?

I’ve tried it, but the second gateway does not appear for me to add it.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
Thursday
Jump to solution

For ElasticXL, you need a minimum of four interfaces on each gateway that are connected to the same Layer 2 network, covering Internal, External, Management, and Sync. 
This is shown in the documentation: https://sc1.checkpoint.com/documents/R82.10/WebAdminGuides/EN/CP_R82.10_ScalablePlatforms_AdminGuide...

View solution in original post

9 Replies
the_rock
MVP Diamond
MVP Diamond
Thursday
Jump to solution

I believe you need another data interface as well, sync is not enough.

Best,
Andy
0 Kudos
jcisneros
Participant
Thursday
In response to the_rock
Jump to solution

Can it be any interface and be in the same segment?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
Thursday
In response to jcisneros
Jump to solution

I believe so, yes. Im not sadly elasticxl expert by any means, so maybe someone else can confirm for sure, but I think it can be any interface in L2 domain.

Best,
Andy
0 Kudos
jcisneros
Participant
Thursday
In response to the_rock
Jump to solution

Okay, currently I'm using a back-to-back cable, meaning a cable between them so they can connect, but unfortunately my main computer isn't detecting it.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
Thursday
In response to jcisneros
Jump to solution

Make sure its same VLAN segment and L2 domain.

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
Thursday
Jump to solution

For ElasticXL, you need a minimum of four interfaces on each gateway that are connected to the same Layer 2 network, covering Internal, External, Management, and Sync. 
This is shown in the documentation: https://sc1.checkpoint.com/documents/R82.10/WebAdminGuides/EN/CP_R82.10_ScalablePlatforms_AdminGuide...

jcisneros
Participant
Thursday
In response to PhoneBoy
Jump to solution

So, if I wanted to create a lab and create an Elastic XL, I couldn't? Only with a back-to-back cable? Do I absolutely need four interfaces?

What would the interfaces be?

A-Management interface

B-External interface

C-Synchronization interface

D-Internal interface

0 Kudos
PhoneBoy
Admin
Admin
Thursday
In response to jcisneros
Jump to solution

You need four different L2 network segments.
They can be VLANs, though you usually do not put your sync on a VLAN.
And yes, those are what the segments are for.

0 Kudos
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
Thursday
Jump to solution

You create your first gateway as an EXL cluster gateway. Connect up the interfaces you want to connect to your network, there's presumably an internal interface (that could also be the management interface, magg1) and an external interface. SIC it to management, get a policy on there, make sure it all works. 

Install the second gateway. Don't do the FTW, just have it freshly installed. Connect the Sync interface back to back with the first gateway. Connect the other interfaces to the same network segments as the first gateway. Each gateway in an EXL cluster is a semi-independent node on the network, requiring connectivity on the same interfaces to the same networks, much the same as a CXL cluster. In fact, cable it exactly the same as you would a CXL cluster. Then the second gateway will be available from the Cluster interface in the WebUI of the first gateway under Pending Gateways. You can add it to the cluster there.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Thu 05 Mar 2026 @ 12:00 PM (SGT)

    2026 Threat Landscape Briefing - APAC
    Virtual

    Thu 05 Mar 2026 @ 03:00 PM (CET)

    2026 Threat Landscape Briefing - EMEA
    Virtual

    Thu 05 Mar 2026 @ 11:00 AM (EST)

    Tips and Tricks 2026 #1: MCP Servers
    Virtual

    Thu 05 Mar 2026 @ 02:00 PM (EST)

    2026 Threat Landscape Briefing -AMER
    Virtual

    Tue 10 Mar 2026 @ 03:00 PM (EDT)

    Americas Deep Dive: Web Filtering Best Practices
    Virtual

    Wed 11 Mar 2026 @ 12:00 PM (EDT)

    Ink Dragon: A Major Nation-State Cyber Campaign
    CheckMates Events