This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mark_Wheeler
Participant
‎2020-03-19 07:34 AM

VSX cluster fundamental question

Hi Folks

 

I am relatively new to VSX and i have a few question for my proper understanding. I only know clustering for ClusterXL or VRRP on gatways and form Management HA.

 

1. Can a VSX gateway (physical appliance) be clustered for HA (high availability)?

2. Can a VSX gateway (physical appliance) be clustered for LS (load sharing)?

3. Is it possible and does it even make sense to cluster virtual systems (virtual firewall on the vsx gateway) for HA on a VSX gateway or is this not necessary as both rely on the same hardware and would fail if the underlying hardware fails anyways?

4. Is it possible and does it even make sense to cluster virtual systems (virtual firewall on the vsx gateway) for LS on a VSX gateway or not?

5. Is it possible to cluster virtual systems over two or more VSX gateways (physical appliances)?

 

Can someone recommend a book or online course in order for me to learn VSX (and probably also MDS) in a structured way? You can also send me a PM in case recommendations are against the policy of this community.

I have booked a course few Weeks ago but it was canceled recently due to lack of attendants (not because of the Corona virus). Otherwise i would not bother you with my newbie questions 🙂

I am thankful for any helping answer,

Mark

0 Kudos
2 Replies
Wolfgang
Authority
Authority
‎2020-03-19 08:11 AM

Mark,

to your questions:

1. Can a VSX gateway (physical appliance) be clustered for HA (high availability)?

YES

 

2. Can a VSX gateway (physical appliance) be clustered for LS (load sharing)?

YES

 

3. Is it possible and does it even make sense to cluster virtual systems (virtual firewall on the vsx gateway) for HA on a VSX gateway or is this not necessary as both rely on the same hardware and would fail if the underlying hardware fails anyways?

You can't cluster a virtual system on one hardware, but your virtual system is high available if you run VSX-cluster

 

4. Is it possible and does it even make sense to cluster virtual systems (virtual firewall on the vsx gateway) for LS on a VSX gateway or not?

no, you can't run any cluster for a virtual system on one VSX gateway

 

5. Is it possible to cluster virtual systems over two or more VSX gateways (physical appliances)?

Yes, but you don't create a cluster of virtual systems, you must build a cluster with your VSX hardware.

 

Please have a look at the VSX documentation to better understanding of the VSX concept and VSX-cluster:

https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_VSX_AdminGuide/html_frameset...

there is nice part for cluster.

 

To get high availability with VSX you have to use more then one hardware to built a VSX-cluster.  This VSX-cluster can be run in HA or LS mode.

If in HA mode all virtual systems are active on one node and will be failover to the other in case of a problem. 

LoadSharing mode gives you the chance to run virtual systems active on all of your VSX-cluster nodes. Meaning virtual system A running on node A and virtual system B running on node B. If node A is failing virtual system A will failover to node B and both virtual systems are active on node B.

Ther are some limitations with VSX-cluster in LS (you can't use virtual-router as an example). So you have to check for your requirements.

Wolfgang

 

0 Kudos
_Val_
Admin
Admin
‎2020-03-19 08:33 AM
In response to Wolfgang

The the second question, the answer is, VSLS - Virtual System Load Sharing. Each VS pair will be in fact HA, but you can set up manual or automatic distribution of different VS being active on all cluster members. 

VSLS also allows you effective use of more than two appliances. For the same VS, you have Active, Standby & Backup modes, if you have three or more physical VSX cluster members.

If this is not enough, and you want "real" load sharing, where the same Virtual System is active everywhere, use Maestro solution.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events