This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ken_networks
Participant
‎2019-10-23 08:12 AM

How to configure gateway failover if interface goes down

Jump to solution

Standalone Full HA deployment currently running 80.10 but soon to be upgraded to 80.30 before the gateways are deployed into Production.

Looking to find out how to configure the gateways to failover to the backup gateway if the following conditions occur:

1.  WAN or LAN interface go down

2.  If the WAN or LAN interface remain up but a switch or upstream/downstream device fails which effectively result in the gateway being able to access the internet or internal network; the gateway fails over to the backup

Thanks 

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion
‎2019-10-23 10:12 AM

Jump to solution
1 works by default on cluster interfaces.
2 is not possible, there is no tracking to see if a nexthop or beyond is available or not.
Regards, Maarten

View solution in original post

0 Kudos
4 Replies
Maarten_Sjouw
Champion
Champion
‎2019-10-23 10:12 AM

Jump to solution
1 works by default on cluster interfaces.
2 is not possible, there is no tracking to see if a nexthop or beyond is available or not.
Regards, Maarten
0 Kudos
ken_networks
Participant
‎2019-10-30 05:01 AM
In response to Maarten_Sjouw

Jump to solution

Thanks for the response.

Can I just clarify where you said there is no tracking mechanism, that you're referring to both 80.10 and 80.30 and not just 80.10 which I'm running now?

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-30 05:08 AM
In response to ken_networks

Jump to solution
Tracking is, to my knowledge, not on the scope of Check Point.
I have not heard of any plans or requests on implementation of tracking.
Regards, Maarten
0 Kudos
Benedikt_Weissl
Advisor
‎2019-10-23 03:27 PM

Jump to solution

My 2 cents regarding point 2: Any important up- or downstream device that is not directly connected to the firewall should itself be clustered. Also, since both nodes are connected to the same vlans, a failure further up- or downstream cant be solved by switching to the backup member.

In my experience distributed setups generally work better than standalone full HA deployments, have you consided migrating the management to a seperate server?

Edit: I've found a way to implement this using sk35780 and the clusterXL_monitor_ips script

0 Kudos