Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Karan0587
Explorer

Clustering Information

Hi,

I information for clustering of the checkpoint in the below scenario

  • 2 separate internet tails coming into 2 Checkpoint firewalls.

I am reading through the Cluserting XL document and it says it should be in the same network for extern Interfaces as well, but in the above scenario what is the best solution?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

A better question might be: what is your precise goal.
If each firewall is connected to a separate Internet connection, then a cluster is probably the wrong solution.
Also, you probably have different IP space with each ISP, making “transparent” failover while maintaining active connections not really possible.

A network diagram could be useful.

0 Kudos
Karan0587
Explorer

Thanks for the reply.

Basically, we are migrating customer from the existing network to Checkpoint Solution.

Currently they have 2 separate Internet tails coming in to 2 separate routers(connected through vrrp), we are basically in planning phase.

So as per your comment we cannot have clustering when WAN IP is in different segment ( from diff providers) ?

 

I am new to checkpoint so if there is any stupid question feel free to correct me

0 Kudos
Chris_Atkinson
Employee Employee
Employee

If the firewalls will be located downstream from the VRRP routers I don't see an issue, it's a given that you'll need a switch for the plumbing of the cluster here which shouldn't be unexpected.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events