This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Phillip-83
Participant
‎2024-04-15 01:27 PM
Jump to solution

High Availability (HA) on Checkpoint 1590 Quantum Spark

Hi everyone,

I'm new to Checkpoint and I've been trying to learn how to set up for my customer.
Currently, I'm stuck in this place (Connection diagram as shown in the attached picture). I have configured HA for LAN on Lan3, synchronizing the firewall via Lan2. I don't HA the 2 WAN inputs of the 2 Checkpoints, but let them connect directly to the IPS via Metro (my customer using Metro Wan-MPLS Layer 2). Now if I drop the channel on FW1's WAN, will FW2 automatically switch from Standby to Active?

Can someone help me with the answer to this, please.

Preview file
99 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-04-16 07:34 AM
In response to PhoneBoy
Jump to solution

Actually, there's an SK that covers this exact scenario and the steps needed to achieve it: https://support.checkpoint.com/results/sk/sk181841 

View solution in original post

(1)
6 Replies
PhoneBoy
Admin
Admin
‎2024-04-15 05:00 PM
Jump to solution

To the best of my knowledge, only interfaces that are involved in clustering can cause a failover.
Doesn't sound like the WAN is involved in clustering, which means I would expect this to not work.
However, you might want to open a TAC case and confirm: https://help.checkpoint.com 

0 Kudos
Phillip-83
Participant
‎2024-04-15 10:11 PM
In response to PhoneBoy
Jump to solution

So if I have 2 transmission channels, with this checkpoint 1590 (There is no Router and SW WAN above the FW), is there any plan to HA those 2 transmission channels? These two transmission channels use 2 different IP layers from 2 different network providers.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-04-16 02:16 AM
In response to Phillip-83
Jump to solution

Find all details for how to configure a SMB HA Cluster here: sk121096: How to configure a cluster between locally managed SMB appliances

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-16 07:28 AM
In response to Phillip-83
Jump to solution

ClusterXL (on non-SMB appliances) definitely has a requirement for the WAN interfaces being on a "shared" network.
That said, clustering is a little different on the SMB appliances, which is one of the reasons I suggested checking with TAC.
I will also check internally as well.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-16 07:34 AM
In response to PhoneBoy
Jump to solution

Actually, there's an SK that covers this exact scenario and the steps needed to achieve it: https://support.checkpoint.com/results/sk/sk181841 

(1)
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-04-15 05:06 PM
Jump to solution

Is this locally or centrally managed, running R81.10.10 firmware?

 

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events