This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
Wednesday

Synchronization Interface in a Cluster

If I have a cluster, does the sync interface between two nodes need to be physically connected, or can it use a VLAN instead?
What happens if the two nodes are geographically distant from each other, or if I need to temporarily move one of the nodes—can synchronization still work?

Thanks

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
Wednesday

See the full story in https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ClusterXL_AdminGuide/Topics-...

Question 1: You can use physical connections (like Node 1 Sync IF - switch - Node 2 Sync IF) or VLAN, but by design, the synchronization network is supported on the lowest VLAN tag only (https://support.checkpoint.com/results/sk/sk34574).

Question 2.: That is possible under the following conditions:

  • The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss.

  • The synchronization network may include only Layer 2 networking devices - switches and hubs. No Layer 3 routers are allowed on the synchronization network

See https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ClusterXL_AdminGuide/Topics-...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
RemoteUser
Advisor
Wednesday
In response to G_W_Albrecht

thank you very much for the exasuative answer, so it can be done both ways.

The only thing I was wondering by reading also.
“R82 SmartConsole Help” says this:
Sync - A cluster synchronization interface. You must define one or more synchronization interfaces for redundancy. If you use more than one synchronization interface, you must define which interface is primary, secondary or tertiary. Synchronization redundancy is not supported on Small Medium Business appliances. Only primary synchronization can be selected on these appliances and only for the LAN2/SYNC interface. You cannot configure VLANs on the synchronization interface.

And the last sentence seems a bit at odds with this sk you sent me (which I had already seen) Using VLAN on cluster Sync interfaces 
maybe to use sync, using a VLAN,it needs to be configured only on:
Cluster + Sync
and not on Sync.
is that correct?

What are your thoughts on this?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
Wednesday
In response to RemoteUser

You have to read that in context:

Synchronization redundancy is not supported on Small Medium Business appliances. Only primary synchronization can be selected on these appliances and only for the LAN2/SYNC interface. You cannot configure VLANs on the synchronization interface.

--> This is only true for SMB appliainces running Embedded GAIA ! The R81.10 Cluster XL Admin Guide is for GAiA appliances / Open Server installations only.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events