Known Limitations
- Only two members per cluster are supported.
- Running the Security Management Server on the Cluster Members is not supported.
- Only High Availability mode (Active/Standby) is supported. Load Sharing modes are not supported.
- Both Cluster Members must reside in the same Availability Zone.
- Currently, it can take up to 40 seconds for a Cluster Member to take full ownership of a cluster during failover. This is due to the amount of time it takes AWS to move secondary private addresses from one member to another.
- VRRP is not supported.
- A Check Point Security Gateway running without the appropriate IAM role cannot be joined to a cluster after it was created.
- QoS is not applied to interfaces when Route Based VPN is configured, see sk36157.