Do You Need State Sync with vSEC in Public Cloud?
If you plan to implement any sort of autoscaling, the gateways will not use state sync.
This is because the Security Gateway are configured standalone and will be front-ended by load balancers, which will distribute the traffic to the gateways.
For more information on autoscaling, refer to the following SKs:
- Auto Scaling in Amazon Web Services (AWS)
- Auto Scaling in Microsoft Azure
- Check Point vSEC reference architecture for Google Cloud Platform
For situations where autoscaling is not planned, or for protecting outbound connectivity from the Public Cloud, Active/Standby clusters can be configured which will use state sync.
However, because of limitations of the type of communication allowed between instances, only two members of a cluster can be configured.
For more information on using ClusterXL in public cloud, refer to the following SKs:
- Deploying a Check Point Cluster in AWS (Amazon Web Services)
- Deploying a Check Point Cluster in Microsoft Azure
ClusterXL in Google Cloud Platform is expected to be supported later in 2017.