johnnyringo
Advisor

External check to determine active/standby state of cluster members?

Background: We use Google Cloud Global HTTP(S) load balancers in front of a CheckPoint CloudGuard HA cluster to handle SSL termination and give each service a different external IP address. The CheckPoint cluster members are the load balancer's backend and we're left with a fundamental problem:

  • The load balancer does a basic TCP check on port 443 to detect a down member.
  • Since both members pass the check regardless of active/standby state, the traffic is distributed 50/50 assuming both are up.
  • The max NAT sessions are 16384/66, which obviously is 99/1, not 50/50.

That NAT issue is described here and I still don't have a fix for it.  So I'm thinking if I can somehow just get the traffic to go 100/0, this fixes the issue.

Is there a way to externally check the active/standby status? Perhaps there's a service that runs only on the active and is shut down when it goes standby?
