The interface configuration of each node in an ElasticXL configuration is similar ClusterXL (dedicated sync interface plus data/management interfaces).
Which means you would need interface bonds for redundancy on the relevant interfaces per your business requirements.

@PhoneBoy  has been absolutely right with his statement.

The yellow arrows do not represent the physical wiring. It only show that the connections is forwarded via the data interface to the other gateway.

Sounds like IPSO cluster from the good old days 😄

Man, IPSO cluster was the BEST!! 👌

Even VRRP still used the sync piece of ClusterXL.
Though I also remember the days of Stonebeat and Qualix HA 🙂

Oh yeah... I did Stonebeat Full Cluster a few times.  That was a really cool FC product, in my opinion.  I remember RainWall as well, but never used it.  ISTR there was another cluster vendor at the time, but I can't remember now who it was... 

Personally, I was always super impressed with management server running on Solaris...NEVER an issue. You know its rock solid when customers just call you to say that lol

Not that I remember anything about it, as I was a teenager living in war zone on totally another continent, so if anyone said Solaris to me back then, it would have meant absolutely nothing 🤣🤣🤣

Before SIC, there was fw putkey.

I once got a call about trouble with a VPN after an upgrade to R62. Turns out the other end of the tunnel was running 4.1 on Solaris 2.6, I think. It was definitely on an Ultra 5 with the Happy Meal Ethernet (100 megabit with a side of 10 megabit!). So many wild stories from that single call.

Lately, I'm making myself learn PowerShell, and using Windows Server with Hyper-V for my main VM host to help with this goal. Outside of that, I run a lot of illumos (community fork of OpenSolaris made after Oracle bought Sun). ZFS, Dtrace, zones, SMF, fmd, and more recently bhyve. Outside of the XML manifests for SMF, the internals all still feel very current and capable. I'm willing to put up with XML for the benefits SMF provides. It's leaps and bounds better than systemd unit files.

Now I'm going to be a pilosopher too:
I also started in 1996 with the first Check Point Firewalls I believe in version 2.01.
At that time, rules.def and objects.C were still edited by hand. No management server.
With version 3, a tool was provided with which the rules and objects could be created on the gateway.

At that time, a competitor's Raptor firewall was the first FW on the market and it already used Stonebeat.
Raptor is an application-level firewall driven by proxies, which is a bit safer than stateful-inspection or packet-filtering firewalls at this time.

Then came the good old days with Check Point Firewall-1, 4.0, 4.1, Stonebeat Full Cluster, Solaris and IPSO cluster...and my personal favourite version  R65 HF60 (not HF 70).

But we now live in the world of 1TBps firewall throughput and I prefer the modern techniques:

Maestro:
- Maestro Fast Forwarding
- HyperFlow  
- Maestro Autoscaling
- Lightspeed Appliance
...
 

PS:
Only with the kernel versions Check Point should also arrive in today's time and perhaps use a 5.x or 6.x;-)

Wow Heiko, it's interesting how we all seem to have been involved in the same tech throughout our many many years, and better still to see how things have progressed.

Hi @genisis__ ,
Even found a few old books in the cupboard:

@PhoneBoy must not be sad now. The book is at home in the cupboard.;-)

Wow, Im sure those books were golden back in the day 🙂

 just for the hell of it, dug these out!

Good ol' R70 P-1 hehe

Nice! 😁

NGX: The only version that came in hardback. And.... if you got lucky you got a free backpack or shoulder bag with the book. 

I had all that and also NGX III  (CCSE Plus). That was the best course, covering IKEView and INFOView  😄
Many hand written notes in those books.

Also Nokia NSA I & NSA II and PIX and Juniper SRX books (where you have  Stonesoft).

Setting up for the VSX NGX courses back then was all sorts of fun.
It took hours to set up and an hour or so to tear down. Now I can start a VSX (CCVS) lab in the cloud in 2 or 3 minutes 😆

VMWare workstation was great but only so much could be running on one under-powered host. And then came the VLAN part...
It took careful planning and documenting. I had to take a picture of how the classroom looked.

reset_gw

Don .... I have the shoulder bag!

Me too. 😀 

Those were the good old days;-)
Now we're having fun with Maestro, ElasticXL and VS Next.

Architecture and Performance Tuning - Link Collection 

Now that brings back memories!

Actually got certified with Stonesoft back in the day, and did a eval of IPSO/Checkpoint, Cisco and StoneSoft.  At the time Stonesoft out performed the lot but I made a number of observations to the poor SE (who still remembers me!).

Anyone remember Raptor running on Solaris!

I just googled Stonesoft and not surprising, it was Finnish company. Anything that ever came from Finland, rock solid.

Andy

If I remember correctly the founders where ex-Checkpoint.

I believe thats true, yes.

We are truly showing our age!

Speak for yourself mate 😉

Im only 43 years old, so not THAT old LOL

Okay, depends who you ask 🤣🤣

Andy

All very off-topic but brings back lots of memories, so I can't resist .. 🙂

I can go further back. 1992 be be exact. The first IP/Internet firewall was written by Marcus Ranum while he was at DEC (and even contains code "shamelessly stolen" from Guido Van Rossum, according to the source code comments). This was the DEC SEAL, a 3 node fw (bastion host, filter and proxy) which we initially compiled on-site at the customer on DEC Ultrix boxes.  All great fun 🙂  Then came Altavista Firewall which was a SEAL in 1 box and had a very reasonable Web GUI. We even had "clustering" for Altavista for some customers.  

Around this time 1994/5ish Checkpoint showed their stateful-firewall and the rest is history (and some of it has been re-written by the winners). 

Even before that there was a DECnet firewall but we won't go there because I guess there is nobody here who goes that far back 😉  

D