- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: R82 - ElasticXL
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R82 - ElasticXL
ElasticXL is a new cluster technology that enables simplified operation with a single management object with automatic configuration and software synchronisation between all cluster members.
ElasticXL is expected to be delivered with R82 or later versions. ElasticXL is based on similar technology to Maestro, but without MHOs. It is based on Check Point's SP versions for a scalable platform that allows you to increase the performance of the security gateways almost linearly.
This is achieved naturally by load balancing between individual gateways that operate in a cluster as a single entity.
This new cluster technology will some of the Maestro featchers such as SMO (Singel Management Object) use.
A ElasticX gateway will work as a pivot member and act simelar as a MHO's in a Maestro environment and simultaneously takes on the role of SMO.
The pivot member takes over the network connection and controls the ARP requests in the network. The pivot member distributes the connections via a distribution matrix to the connected member in the security group similar to a Maestro environment.
Same as the Maestro environments, the familiar SP commands will also be available here and there will also be a gclish. The management traffic will be handled by the SMO (pivot member).
Installation process:
1) The gateways are installed as usual via the First Configuration Wizard. ElasticXL" is now selected instead of "ClusterXL" on the product page.
2) After that, the SIC to the first gateway (pivot member) will be established single gateway (not as a cluster object). Afterwards, the policy can be installed.
3) In the following step the next gateways can be added by (host name, serial number).
Here you can find detailed installation information about ElasticXL:
Install ElasticXL Cluster
>>> Please note that this information is not yet an official statement from Check Point and may change at any time. <<<
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Don't be so sure 😉
I maintained a DEC firewall in 1995...don't remember which one it was.
Quite a big gateway to protect an ISDN line for Internet.
I also did a couple of installs of TIS Gauntlet before I got exposed to Check Point FireWall-1.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe embarrassing to admit, but the only thing I remember as a kid back in eastern Europe was commodore 64 😂😂😂
I still recall very first computer we ever owned, had whooping 64K of ram and 128 MBs hdd 🙂
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
... Even before that there was a DECnet firewall but we won't go there because I guess there is nobody here who goes that far back 😉
Don't bet on it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello -- I'm digging into this more with imminent release of R82_EA.
Any ideas on the hardware requirements for the Pivot member? I suggest it won't need to be same specs as the adjacent gateways that will end up handing the connections and persistent sessions.
Should we assume that day one that all nodes of an ElasticXL cluster will need to be same model, but this may change for future? I'm thinking through the sales conversations about "a new clustering technology that allows you -- Mr Customer -- to leverage investment in gateways day one. However, you'll now need to buy THREE instead of TWO gateways ... and they'll need to be same model".
This could get expensive.
Thanks --
ref
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same model is probably a safe assumption for ElasticXL in R82, at least initially.
One gateway will be the SMO (gets policy from management) and distribute to other gateways like Maestro does today.
I don’t believe a gateway will be a “pivot member” similar to how ClusterXL Active/Active clustering works in unicast mode today, though there is a correction layer that ensures the same gateway gets all the traffic for a connection (again, similar to Maestro).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If we can do a mixed cluster, that would be a huge game changer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, you cannot mix different appliances, not even with ElasticXL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will Quantum Spark Appliances be supported?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I dont believe those appliances will be supported.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This feature will require R82 and Quantum Spark appliances will not receive this release until sometime after it is released for regular Quantum gateways.
Whether it will support ElasticXL for Quantum Spark is unknown at this time.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK - thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for sharing.
CCIE #58769 | PCNSE | CCSE | CISSP | PMP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, I'm interesting in what clustering technology is ElasticXL (Active/Active or Active/Standby)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe its load sharing principle, as its based on Maestro.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, not like Maestro, as it has neither up/down links, nor a load balancer.
ElasticXL is an iteration of a pivot-based load-sharing, pretty similar to the Unicast Load Sharing mode of the classic ClusterXL.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Right. I meant more like Maestro as far as load sharing.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maestro uses actual hardware (the orchestrator) for Load Balancing; ElasticXL does not.
I would, therefore, expect the performance to be similar to ClusterXL Load Sharing.
However, you get all the other benefits of Maestro (SMO, better API support, etc).
- « Previous
-
- 1
- 2
- Next »