Just curious...will this be available for regular Gaia appliances or only maestro?

Best,

Andy

@the_rock 

Should be possible on the regular appliances.
But we should wait for the GA version.

Best,
Heiko

Great news.

Best,

Andy

On ElasticXL is it possible to configure different (and compatible) models as Cluster? If yes could you send me a documentation? 

@the_rock ElasticXl is for physical clusters only, not Maestro.

Thanks @_Val_ , really looking forward to it.

Best,

Andy

Just to be clear, the only major difference hardware-wise between Maestro and non-Maestro are:

• The addition of the hardware orchestrator
• The installation image used (though the underlying software is the same for Maestro and non-Maestro)
• Some functionality differences between Maestro and non-Maestro configurations: https://support.checkpoint.com/results/sk/sk148074 

ElasticXL brings a lot of the functionality of Maestro without the hardware orchestrator.
It is designed to replace ClusterXL for HA/Load Sharing configurations and will use a lot of the same commands and concepts as Maestro (including the Single Management Object). 

Thats @PhoneBoy , super helpful.

Best,

Andy

Will R82 and ElasticXL be presented at the CPX in Vienna?

Hope the video of it is posted here, would be awesome.

Best,

Andy

Aren't you coming to Vegas?

No buddy, not coming.

Best,

Andy

Videos of CPX sessions will be posted after Las Vegas next week.
I can assure you we will also cover this topic in future CheckMates sessions 🙂

And it was a really good presentation. Thanks for that.

Hi

I try this elasticXL with 5800 device,

2 box 5800 already reimage with r82 version and running first time wizard for thats 2 box 5800, do I need to reset one box ?

1) Wire the next appliances via the switch infrastructure so that all sync interfaces are connected to same network.
Normally the ElasticXl sync interface is the eth1 interface. --> this is the UTP interface? I dont have sfp interface

We can do add more sync interface on SMO if we add more gateway to elasticXL?

Hello @Ricki_Juntak ,

you find some hints on ElasticXL in this guide here. Essentially:

• have your appliances imaged with R82
• cable all machines as indicated in admin guide
  • make sure management and sync network ports are connected to dedicated networks
  • make sure internal and external interfaces are connected to dedicated networks
• run First Time Wizard on one of the appliances
  • this will become your first member of the ElasticXL system
• power up your second appliance
  • don't touch it
  • it will start and advertise on SYNC network "here I am - I am an R82 appliance and ready to join an ElasticXL cluster"
• open Gaia Web UI on first ElasticXL member
  • go to Cluster Management menu
  • see the second appliance is ready to join

hope this helps - greetings

pelmer

Hi Peter,

Thank you,

I think this success:

[Global] GW1-s01-01> cphaprob stat

Cluster Mode: HA Over LS

ID Unique Address Assigned Load State Name

1 (local) 192.0.2.1 50% ACTIVE(!P) GW1-s01-01
2 192.0.2.2 50% ACTIVE(!) GW1-s01-02

Active PNOTEs: IAC

Last member state change event:
Event Code: CLUS-110405
State change: ACTIVE -> ACTIVE(!)
Reason for state change: Sync interface is down
Event time: Thu Nov 28 14:24:42 2024

but I use Sync to the direct connect to device not use switch for sync.

[Global] GW1-s01-01> asg stat

--------------------------------------------------------------------------------
| System Status - ElasticXL |
--------------------------------------------------------------------------------
| Up time | 03:49:47 hours |
| Members | 2 / 2 |
| Version | R82 (Build Number 777) |
--------------------------------------------------------------------------------
| Site Parameters |
--------------------------------------------------------------------------------
| Unit | Site1 |
--------------------------------------------------------------------------------
| Members | 2 / 2 |
--------------------------------------------------------------------------------
[Global] GW1-s01-01>

Hi @Ricki_Juntak ,

Can you please clarify that you connected the out of bound interfaces called "Sync" on your appliances directly?
Please check output from both appliances :
# ifconfig Sync
#ifconfig eth1-Sync
Check state is UP RUNNING
Regards,

Shai.

Hi ShaiF,

this is capture from interface sync:

Sync interface main gateway:

Sync Link encap:Ethernet HWaddr 0A:BA(sorry filter mac)
inet addr:192.0.2.1 Bcast:192.0.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:5783338 errors:0 dropped:0 overruns:0 frame:0
TX packets:8315604 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:635378829 (605.9 MiB) TX bytes:4115666344 (3.8 GiB)

eth1-Sync Link encap:Ethernet HWaddr :0A:BA
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:5783338 errors:0 dropped:0 overruns:0 frame:0
TX packets:8315604 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:635378829 (605.9 MiB) TX bytes:4115666344 (3.8 GiB)

sync interface member 2:

Sync Link encap:Ethernet HWaddr 16:40(sorry mac filter)
inet addr:192.0.2.2 Bcast:192.0.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:6243350 errors:0 dropped:0 overruns:0 frame:0
TX packets:5489883 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1386116696 (1.2 GiB) TX bytes:605367536 (577.3 MiB)

eth1-Sync Link encap:Ethernet HWaddr 16:40
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:6231909 errors:0 dropped:0 overruns:0 frame:0
TX packets:5485444 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1382366395 (1.2 GiB) TX bytes:604904865 (576.8 MiB)

my question:

why this elasticXL need external switch for SYNC

it does not. you can connect directly in case you have only 2 members. 

yes, but I think its more great and cool if we can edit another interface to be a SYNC interface

@RamGuy239 

CUT>>>

Does it have to run in active-active mode? I understand why active-active might be ideal for throughput, but there might be scenarios where you'd want it to be active-standby to have less complexity, and to avoid having the orchestration of traffic. When deploying virtual, like on "private cloud" solutions such as VMware ESXi, Nutanix AHV, etc. If both members are running on the same host, there isn't much benefit to have both members active at the same time.

<<<CUT

We are talking about a connection HA. This means that it is not a gateway HA or LS.
The advantage is that in the event of a hardware error, the connections are distributed to the remaining gateways.

PS:
VMWare is currently not supported.

@HeikoAnkenbrand 

ElasticXL and VSnext (requires ElasticXL) is not supported on VMware ESXi? I guess this means hypervisors in general? Is this from a support point-of-view, meaning it won't be officially supported by Check Point, thus no help from TAC, or won't it work as a result of something in the current R82 software is simply not compatible with VMware and/or other hypervisors?

Asking because I have access to R82 EA and was going to play with it in on my home network (VMware ESXi 8.0) and LAB at work (also VMware ESXi 8.0). But my biggest attraction towards R82 is all related to ElasticXL, and some VSnext. So I won't waste my time if it's not supposed to work at all.

There must be ways to get it working, as @Peter_Elmer from Check Point demonstrated it at CPX 2024 in Vienna. As far as I remember there is a problem with interface names when constructing sync and management bonds automatically. So, VSNext and ElasticXL seem to run in VMware. Maybe Check Point can post some hints to get this running in labs. That would be really nice.

But besides that, ElasticXL and VSNext will not be officially supported in VMware.