Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nikhil_Patil
Participant
Jump to solution

Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

We call Active/Active configurations Load Sharing whereas Active/Passive configurations are High Availability. 

Load Sharing configurations are not currently supported with IPv6.

View solution in original post

9 Replies
PhoneBoy
Admin
Admin

We call Active/Active configurations Load Sharing whereas Active/Passive configurations are High Availability. 

Load Sharing configurations are not currently supported with IPv6.

Nikhil_Patil
Participant

Hi,

Ok. then IPv6 cluster support in Active/Passive mode.?

0 Kudos
PhoneBoy
Admin
Admin

Correct.

Yuber_Sierra
Participant

Hi Daemon,

Will IPv6 for load sharing be supported in the near future?

0 Kudos
_Val_
Admin
Admin

I did not hear about such plans, although I am not Dameon Welch-Abernathy🙂

PhoneBoy
Admin
Admin

FWIW, R80.20 doesn't support Load Sharing for IPv4 either.

I'm guessing this is related to the changes made to SecureXL in R80.20.

We do plan to add this back for IPv4 in the near future, not sure about IPv6.

Meanwhile, there does appear to be a customer release for this feature.

You will need to engage with your Check Point office for more information.

0 Kudos
_Val_
Admin
Admin

I personally do not think LS on physical clusters should be maintained any longer. It is enormously complex solution which brings way too many limitations to be viable these days. 

Just a couple if examples:

1. In Unicast LS mode, with two members, pivot takes care of 30% and forwards other 70% to another member. In terms of bandwidth it means you lose up to 40% of wire speed against HA, just because of sending the same packet twice. 

2. With Multicas mode, Decision Function and Flask&Ack sync mean more latency and potential degradation of PPS against a regular HA, especially if you add more cluster members. Not even talking about acceleration drawbacks.

LS only made sense with slow FW inspection and low speed interfaces. Neither is the case today.

Yuber_Sierra
Participant

We are migrating our network from IPv4 to IPv6, currently have a two member ClusterXL in LS multicast, need to change to HA due to this IPv6 limitation. What would be the best approach to perform this change with minimal downtime, do you know if there is any procedure to perform such change?

Regards.

0 Kudos
_Val_
Admin
Admin

Change cluster object properties and install policy. No downtime

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events