Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion Champion
Champion
Jump to solution

R82 - ElasticXL

ElasticXL is a new cluster technology that enables simplified operation with a single management object with automatic configuration and software synchronisation between all cluster members.

ElasticXL is expected to be delivered with R82 or later versions. ElasticXL is based on similar technology to Maestro, but without MHOs. It is based on Check Point's SP versions for a scalable platform that allows you to increase the performance of the security gateways almost linearly.

ElasticXL_2_6456456456.jpg

This is achieved naturally by load balancing between individual gateways that operate in a cluster as a single entity.

This new cluster technology will some of the Maestro featchers such as SMO (Singel Management Object) use.

A ElasticX gateway will work as a pivot member and act simelar as a MHO's in a Maestro environment and simultaneously takes on the role of SMO.

The pivot member takes over the network connection and controls the ARP requests in the network. The pivot member distributes the connections via a distribution matrix to the connected member in the security group similar to a Maestro environment.

Same as the Maestro environments, the familiar SP commands will also be available here and there will also be a gclish. The management traffic will be handled by the SMO (pivot member).

Installation process:

1) The gateways are installed as usual via the First Configuration Wizard. ElasticXL" is now selected instead of "ClusterXL" on the product page.
2) After that, the SIC to the first gateway (pivot member) will be established single gateway (not as a cluster object). Afterwards, the policy can be installed.
3) In the following step the next gateways can be added by (host name, serial number).

Here you can find detailed installation information about ElasticXL:
Install ElasticXL Cluster

>>> Please note that this information is not yet an official statement from Check Point and may change at any time. <<<

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
(2)
46 Replies
PhoneBoy
Admin
Admin

Don't be so sure 😉
I maintained a DEC firewall in 1995...don't remember which one it was.
Quite a big gateway to protect an ISDN line for Internet.
I also did a couple of installs of TIS Gauntlet before I got exposed to Check Point FireWall-1.

0 Kudos
the_rock
Legend
Legend

Maybe embarrassing to admit, but the only thing I remember as a kid back in eastern Europe was commodore 64 😂😂😂

I still recall very first computer we ever owned, had whooping 64K of ram and 128 MBs hdd 🙂

Andy

0 Kudos
Jim_Holmes
Employee Alumnus
Employee Alumnus

... Even before that there was a DECnet firewall but we won't go there because I guess there is nobody here who goes that far back 😉

Don't bet on it.

 

Aka, Chillyjim
0 Kudos
Garrett_DirSec
Advisor

Hello -- I'm digging into this more with imminent release of R82_EA.

Any ideas on the hardware requirements for the Pivot member?    I suggest it won't need to be same specs as the adjacent gateways that will end up handing the connections and persistent sessions.

Should we assume that day one that all nodes of an ElasticXL cluster will need to be same model, but this may change for future?    I'm thinking through the sales conversations about "a new clustering technology that allows you -- Mr Customer -- to leverage investment in gateways day one.   However, you'll now need to buy THREE instead of TWO gateways ... and they'll need to be same model".   

This could get expensive.

Thanks --

ref

@PhoneBoy 

0 Kudos
PhoneBoy
Admin
Admin

Same model is probably a safe assumption for ElasticXL in R82, at least initially.
One gateway will be the SMO (gets policy from management) and distribute to other gateways like Maestro does today.
I don’t believe a gateway will be a “pivot member” similar to how ClusterXL Active/Active clustering works in unicast mode today, though there is a correction layer that ensures the same gateway gets all the traffic for a connection (again, similar to Maestro).

genisis__
Leader Leader
Leader

If we can do a mixed cluster, that would be a huge game changer.

_Val_
Admin
Admin

No, you cannot mix different appliances, not even with ElasticXL

0 Kudos
Steffen_Appel
Advisor

Will Quantum Spark Appliances be supported?

0 Kudos
the_rock
Legend
Legend

I dont believe those appliances will be supported.

PhoneBoy
Admin
Admin

This feature will require R82 and Quantum Spark appliances will not receive this release until sometime after it is released for regular Quantum gateways.
Whether it will support ElasticXL for Quantum Spark is unknown at this time.

0 Kudos
Steffen_Appel
Advisor

OK - thanks.

0 Kudos
Kyaw_Myo_Oo
Participant

Thanks for sharing.

 

Kyaw Myo Oo
CCIE #58769 | PCNSE | CCSE | CISSP | PMP
0 Kudos
babicmilan
Collaborator

Hello, I'm interesting in what clustering technology is ElasticXL (Active/Active or Active/Standby)?

0 Kudos
the_rock
Legend
Legend

I believe its load sharing principle, as its based on Maestro.

0 Kudos
_Val_
Admin
Admin

No, not like Maestro, as it has neither up/down links, nor a load balancer.

ElasticXL is an iteration of a pivot-based load-sharing, pretty similar to the Unicast Load Sharing mode of the classic ClusterXL.

the_rock
Legend
Legend

Right. I meant more like Maestro as far as load sharing.

Andy

0 Kudos
PhoneBoy
Admin
Admin

Maestro uses actual hardware (the orchestrator) for Load Balancing; ElasticXL does not.
I would, therefore, expect the performance to be similar to ClusterXL Load Sharing.
However, you get all the other benefits of Maestro (SMO, better API support, etc).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events