R80.40 introduced a new ClusterXL Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. mode called Active-Active
A cluster mode (in versions R80.40 and higher), where cluster members are located in different geographical areas (different sites, different cloud availability zones). This mode supports the configuration of IP addresses from different subnets on all cluster interfaces, including the Sync interfaces. Each cluster member inspects all traffic routed to it and synchronizes the recorded connections to its peer cluster members. The traffic is not balanced between the cluster members..
This mode is designed for a cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., whose Cluster Members are located in different geographical areas (different sites, different cloud availability zones).
The IP addresses of the interfaces on each Cluster Member Security Gateway that is part of a cluster. are on different networks (including the Sync interfaces).
Each Cluster Member inspects all traffic routed to it and synchronizes the recorded connections to its peer Cluster Members.
The traffic is not balanced between the members.
Example Topology:
For more information, see Active-Active Mode in ClusterXL.