I have a CusterXL HA setup (2 units), And a 2nd small external IP range that I'll be migrating over to our checkpoint firewall.
I only have 1 IP address available to define an interface with on our cluster in that IP range (With future plans to put everything behind a reverse proxy, to free up addresses so I can do a proper HA setup).
Is it okay to add an additional interface on only one of the units (active), and reference that IP in the Proxy ARP ? I'm not sure if this will have any bad interactions with ClusterXL, as all my other interfaces in the cluster are setup properly with VIPs. I don't expect any bad behavior, but I'd like to see if anyone else has done this, and their experiences.
I know this will make the services unavailable if there is a failover, but that has been deemed acceptable for us in the short term.
*edited for spelling