Getting Started with CloudGuard Network for GCP HA Cluster
Overview
CloudGuard Network Security Cluster for Google Cloud Platform (GCP) provides High Availability through state synchronization. This occurs when a standby CloudGuard Network Security Gateway Cluster Member, deployed in one Zone, monitors the state of an active member deployed in another Zone. If the active gateway fails, then the standby member assumes active state and performs the necessary changes in your GCP environment so that traffic is routed through it.
Terms used in this overview:
-
CloudGuard Network Security Cluster
Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.
-
Google Cloud Platform (GCP)
Google® Cloud Platform is a suite of products and services that includes hosting, cloud computing, database services and more.
-
High Availability (HA)
A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With the physical MAC Address of the Active member (2) With a virtual MAC Address. Synonym: Active/Standby.
-
State Synchronization
Technology that synchronizes the relevant information about the current connections (stored in various kernel tables on Check Point Security Gateways) among all Cluster Members over the Synchronization Network. Due to State Synchronization, the current connections are not cut off during cluster failover.
-
Standby
State of a Cluster Member that is ready to be promoted to Active state (if the current Active Cluster Member fails). Applies only to ClusterXL High Availability Mode.
-
CloudGuard Network Security Gateway
Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
-
Cluster Member
Security Gateway that is part of a cluster.
-
Active
State of a Cluster Member that is fully operational: (1) In ClusterXL, this applies to the state of the Security Gateway component (2) In a 3rd-party / OPSEC cluster, this applies to the state of the cluster State Synchronization mechanism.
A cluster is a group of Virtual Machines that work together in High Availability Mode. One Cluster Member is Active, and the second Cluster Member is Standby. When necessary, the cluster fails over from the Active Cluster Member to the Standby Cluster Member.
-
For VPN traffic, Cluster Members use API calls to GCP to communicate the failover (the transfer of control over traffic, that is, packet filtering, from a Cluster Member that suffered a failure to another Cluster Member, based on internal cluster algorithms; synonym: Fail-over) from the Active Cluster Member.
-
The Standby Cluster Member then promotes itself to Active. During cluster failover, the Standby Cluster Member associates the primary external cluster IP address of the Active Cluster Member with its external interface (eth0).
The Cluster Member that fails uses the GCP API to attach the cluster's secondary IP address to itself.
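The following Python is an added illustration of the failover sequence described above, not Check Point's code. It runs against a constructed in-memory stand-in for the GCP Compute API; the instance names, zones and addresses are constructed, and modelling the IP move as deleteAccessConfig/addAccessConfig-style calls (release from the failed member first, since an external IP can be bound to only one interface at a time) is an assumption about the underlying API, not something this page states.

```python
class FakeComputeApi:
    """Constructed stand-in for the Compute API: an external IP binds to one NIC at most."""
    def __init__(self):
        self.bindings = {}  # (instance, nic) -> set of external IPs
        self.calls = []     # audit trail of API calls, useful for detection

    def owner_of(self, address):
        return next((o for o, a in self.bindings.items() if address in a), None)

    def delete_access_config(self, instance, nic, address):
        self.calls.append(("deleteAccessConfig", instance, nic, address))
        self.bindings.setdefault((instance, nic), set()).discard(address)

    def add_access_config(self, instance, nic, address):
        self.calls.append(("addAccessConfig", instance, nic, address))
        owner = self.owner_of(address)
        if owner is not None and owner != (instance, nic):
            raise RuntimeError(f"{address} is still bound to {owner}")
        self.bindings.setdefault((instance, nic), set()).add(address)

class Member:
    def __init__(self, name, zone, api, state):
        self.name, self.zone, self.api, self.state = name, zone, api, state

def promote(standby, failed, primary_ip):
    """Standby takes the primary cluster IP onto its eth0; release it from the failed member first."""
    if failed.state != "down":
        return False  # Active member is healthy: no failover
    standby.api.delete_access_config(failed.name, "eth0", primary_ip)
    standby.api.add_access_config(standby.name, "eth0", primary_ip)
    standby.state = "active"
    return True

def reclaim_secondary(failed, new_active, secondary_ip):
    """The member that failed attaches the cluster's secondary IP to itself."""
    failed.api.delete_access_config(new_active.name, "eth0", secondary_ip)
    failed.api.add_access_config(failed.name, "eth0", secondary_ip)
    failed.state = "standby"

def run_scenario(primary_ip="203.0.113.10", secondary_ip="203.0.113.11"):
    api = FakeComputeApi()  # all names, zones and addresses are constructed
    a = Member("member-a", "us-central1-a", api, "active")
    b = Member("member-b", "us-central1-b", api, "standby")
    api.add_access_config(a.name, "eth0", primary_ip)
    api.add_access_config(b.name, "eth0", secondary_ip)
    a.state = "down"  # simulated failure of the Active member
    promoted = promote(b, a, primary_ip)
    reclaim_secondary(a, b, secondary_ip)
    return api, a, b, promoted
```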
The CloudGuard Network Security Cluster provides comprehensive enterprise-grade security. It continues to protect your GCP resources even when it encounters a problem which, on a standalone gateway (a configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server), would have resulted in a complete loss of connectivity.
Prerequisites
Before setting up your system, you must be familiar with the following topics:
-
Virtual Private Cloud Network
-
Virtual Machines
-
Public IP Addresses
-
Routes
Note - For the list of supported versions, refer to the Support Life Cycle Policy.
Terms
-
Check Point WatchDog
A process that launches and monitors critical processes such as Check Point daemons on the local machine and attempts to restart them if they fail.