This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
  - Czech Republic and Slovakia
  - Denmark
  - Netherlands
  - Germany
  - Sweden
  - United Kingdom and Ireland
  - France
  - Spain
  - Norway
  - Ukraine
  - Baltics and Finland
  - Greece
  - Portugal
  - Austria
  - Kazakhstan and CIS
  - Switzerland
  - Romania
  - Turkey
  - Belarus
  - Belgium & Luxembourg
  - Russia
  - Poland
  - Georgia
  - DACH - Germany, Austria and Switzerland
  - Iberia
  - Africa
  - Adriatics Region
  - Eastern Africa
  - Israel
  - Nordics
  - Middle East and Africa
  - Balkans
  - Italy
  - Bulgaria
  - Cyprus
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

Quantum Spark Management Unleashed!

Watch Now

Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall

Learn More

HTTPS Inspection
Help us to understand your needs better

Take the Survey

CheckMates Go:
SharePoint CVEs and More!

Listen Now

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Who rated this post

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

johnnyringo

Advisor

‎2022-09-30 01:23 PM

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

External check to determine active/standby state of cluster members?

Background: We use Google Cloud Global HTTP(S) load balancers in front of a CheckPoint CloudGuard HA cluster to handle SSL termination and give each service a different external IP addresses. The CheckPoint cluster members are the load balancer's backend and we're left with a fundamental problem:

The load balancer does a basic TCP check on port 443 to detect a down member.
Since both members pass the check regardless of active/standby state, the traffic is distributed 50/50 assuming both are up.
The max NAT sessions are 16384/66 which obviously is 99/1, not 50/50

That NAT issue is described here and I still don't have a fix for it. So I'm thinking if I can somehow just get the traffic to go 100/0, this fixes the issue.

Is there a way to externally check the active/standby status? Perhaps there's a service that runs only on the active and is shutdown when it goes standby?

0 Kudos

(1)

Back to post

Who rated this post

the_rock

Legend

Rating date: ‎2022-10-03

About CheckMates

Getting Started & FAQ
Community Guidelines

Learn Check Point

Check Point for Beginners
Check Point Trivia
CheckFlix Videos

Advanced Learning

Check Point Security Masters
Tip of the Week
TechTalks
Training and Certification

Resources

CheckMates Toolbox
Developers (Code Hub)
Product Announcements
Upcoming Events

Non-English Discussions

Español
French
Japanese
Português
Russian
Chinese

YOU DESERVE THE BEST SECURITY

We’re Social. Follow Us