Checkpoint 12600 firewall can support IPv6 Cluster IP in ACTIVE+ACTIVE High availability mode ?
We call Active/Active configurations Load Sharing whereas Active/Passive configurations are High Availability.
Load Sharing configurations are not currently supported with IPv6.
Ok. then IPv6 cluster support in Active/Passive mode.?
Will IPv6 for load sharing be supported in the near future?
I did not hear about such plans, although I am not Dameon Welch-Abernathy :-)
FWIW, R80.20 doesn't support Load Sharing for IPv4 either.
I'm guessing this is related to the changes made to SecureXL in R80.20.
We do plan to add this back for IPv4 in the near future, not sure about IPv6.
Meanwhile, there does appear to be a customer release for this feature.
You will need to engage with your Check Point office for more information.
I personally do not think LS on physical clusters should be maintained any longer. It is enormously complex solution which brings way too many limitations to be viable these days. Just a couple if examples:
1. In Unicast LS mode, with two members, pivot takes care of 30% and forwards other 70% to another member. In terms of bandwidth it means you lose up to 40% of wire speed against HA, just because of sending the same packet twice. 2. With Multicas mode, Decision Function and Flask&Ack sync mean more latency and potential degradation of PPS against a regular HA, especially if you add more cluster members. Not even talking about acceleration drawbacks.
LS only made sense with slow FW inspection and low speed interfaces. Neither is the case today.
We are migrating our network from IPv4 to IPv6, currently have a two member ClusterXL in LS multicast, need to change to HA due to this IPv6 limitation. What would be the best approach to perform this change with minimal downtime, do you know if there is any procedure to perform such change?
Change cluster object properties and install policy. No downtime
Retrieving data ...