This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
Advisor
Advisor
a week ago

bringing new appliances into a cluster

Hi mates,

We have a cluster of 6900s and we are bringing in 9300s to replace them.   My understanding is to just add the 9300s into the existing cluster, fail over then remove/delete the older 6900s.    Does everyone agree that's the best approach?    Instead of sync cable, I'm planning on either using a run of the mill hub or a few switch ports.  I assume its ok to have a mix of 6900s and 9300s for a small amout of time the active node may be a 6900 and the standby running on a 9300.

0 Kudos
6 Replies
the_rock
Legend
Legend
a week ago

I always follow below process for that and never an issue.

Andy

https://community.checkpoint.com/t5/Security-Gateways/Replace-Upgrade-Cluster/m-p/157228#M27268

Daniel_Kavan
Advisor
Advisor
Monday
In response to the_rock

Yes, that's one way. 

I kind of like bringing in a 3rd cluster member better, just so the working HA is still there.

0 Kudos
the_rock
Legend
Legend
Monday
In response to Daniel_Kavan

I believe same process would apply, except you are simply adding another member.

Andy

0 Kudos
Daniel_Kavan
Advisor
Advisor
Monday
In response to the_rock

Yeah, except for using a sync cable you'd need a standard hub or switch ports.

 

0 Kudos
the_rock
Legend
Legend
Monday
In response to Daniel_Kavan

Ah, yes, thats true.

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority
Monday

Last I checked, Check Point does not support clusters with different member hardware for any length of time, no matter how small. The official answer is you MUST take an outage to swap.

That said, this is one of the combinations which could actually work, since the 6900 uses an i9-9900KF (8c16t) and the 9300 uses an i5-13400E (10c16t), so the OS sees 16 cores on both. Both run 14 workers by default. The big concern is the 9300 wants to have UPPAK enabled, while the 6900 does not. I'm not 100% sure that configuration can successfully sync.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events