This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

Simplifying Zero Trust Security
with Infinity Identity!

The New Quantum DDoS Protector
Integration with Playblocks

Watch Now

ISOMorphic Improvements
Help us with the Short-Term Roadmap

Take the Survey

CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!

LEARN MORE!

CheckMates Go:
Equipped to Compromise

LISTEN NOW

Create a Post

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

CheckMates
:
Educational Resources
:
Tip Of The Week
:
Tip of the Week - Asymmetric connections in Cluste...

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Tip of the Week - Asymmetric connections in ClusterXL R80.20 and higher

Are you a member of CheckMates?

Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!

_Val_

Admin

0 1 1,255

Subscribe to RSS Feed
Mark as New
Mark as Read
Bookmark
Subscribe
Printer Friendly Page
Report Inappropriate Content

‎2020-09-13 11:43 PM

For most types of connections, replies coming from servers are handled by the same cluster member that handles the client's side. But for some types of connections (VPN, static NAT), client and server sides can be handled by different members. Such connections are called asymmetric.

Sync (and Flush&Ack) makes sure that both members are aware of each asymmetric connection and its state at all times, so for "regular" stateful inspection asymmetric connections do not present a problem.

The challenge arises with connections that require DPI (IPS, APPI, etc) or even just a sequence number verification. Such connections have to be handled entirely by a single member, since it's not possible to sync their rapidly changing state at any reasonable rate.

When both sides of a connection are handled by the same member, it's said to be sticky to this member. In R80.20, we introduced a new mechanism called Cluster Correction Layer, which allows maintaining cluster stickiness in a much more effective manner than before.

For more information, refer to this SecureKnowledge Article.

0 Kudos

1 Comment

About CheckMates

Getting Started & FAQ
Community Guidelines

Learn Check Point

Check Point for Beginners
Check Point Trivia
CheckFlix Videos

Advanced Learning

Check Point Security Masters
Tip of the Week
TechTalks
Training and Certification

Resources

CheckMates Toolbox
Developers (Code Hub)
Product Announcements
Upcoming Events

Non-English Discussions

Español
French
Japanese
Português
Russian
Chinese

YOU DESERVE THE BEST SECURITY

We’re Social. Follow Us