Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ken_networks
Participant
Jump to solution

How to configure gateway failover if interface goes down

Standalone Full HA deployment currently running 80.10 but soon to be upgraded to 80.30 before the gateways are deployed into Production.

Looking to find out how to configure the gateways to failover to the backup gateway if the following conditions occur:

1.  WAN or LAN interface go down

2.  If the WAN or LAN interface remain up but a switch or upstream/downstream device fails which effectively result in the gateway being able to access the internet or internal network; the gateway fails over to the backup

Thanks 

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion
1 works by default on cluster interfaces.
2 is not possible, there is no tracking to see if a nexthop or beyond is available or not.
Regards, Maarten

View solution in original post

0 Kudos
4 Replies
Maarten_Sjouw
Champion
Champion
1 works by default on cluster interfaces.
2 is not possible, there is no tracking to see if a nexthop or beyond is available or not.
Regards, Maarten
0 Kudos
ken_networks
Participant

Thanks for the response.

Can I just clarify where you said there is no tracking mechanism, that you're referring to both 80.10 and 80.30 and not just 80.10 which I'm running now?

0 Kudos
Maarten_Sjouw
Champion
Champion
Tracking is, to my knowledge, not on the scope of Check Point.
I have not heard of any plans or requests on implementation of tracking.
Regards, Maarten
0 Kudos
Benedikt_Weissl
Advisor

My 2 cents regarding point 2: Any important up- or downstream device that is not directly connected to the firewall should itself be clustered. Also, since both nodes are connected to the same vlans, a failure further up- or downstream cant be solved by switching to the backup member.

In my experience distributed setups generally work better than standalone full HA deployments, have you consided migrating the management to a seperate server?

Edit: I've found a way to implement this using sk35780 and the clusterXL_monitor_ips script

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events