Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vijay_Nagaraj
Contributor

Hardware Differences

I have one question about clustering , I wanted to perform the hardware upgrade to the firewalls, we have 2 locations total 4 firewalls. There is a fail over configured between these locations.

Say for example in location1 am going to do hardware upgrade with IBM or HP machine but in location2 am performing the upgrade with different hardware but looks like same make with different model, but for sure am going to use different one. My question is when the fail over between the location happens , will that cause any issues with the above scenario or fail over will be transparent to users. Software versions are going to be same.

 

I believe it will cause some issues. Please share your thoughts!

Thanks in advance.

V

0 Kudos
4 Replies
Vladimir
Champion
Champion

Vijay,

Since you are describing two locations with two gateways in each, it is unlikely that you have a stretched HA cluster consisting of four devices.

It makes sense that the site failover being handled by routing logic of your internal routers, not Check Point.

In this case, it does not matter what devices you'll end-up using in your secondary location as long as it'll have sufficient processing and memory capacity to handle the traffic.

Regards,

Vladimir

Vijay_Nagaraj
Contributor

Thanks. Exactly same. There is a routing in between the locations. 

Thanks for your clarifications.

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Considering that you have two "independent" clusters, the transparency will be partial. "Short" TCP connections like web browsing or most UDP will not be impacted. But any long running TCP sessions for example file transfers will be disrupted as new firewall cluster will not know about them and they will be dropped "out of state". You may choose to disable this check during upgrade - then connections should transfer to new firewalls with no issues.

Don't forget if you have address translation (NAT) in use, that may impact outcome too. It's not a simple answer, depends on your environment

Vijay_Nagaraj
Contributor

Thanks!!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events