Configuring Assigned Load in the Load Sharing Unicast Mode

By default, this is how a ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. in the Load SharingClosed A redundant cluster mode, where all Cluster Members process all incoming traffic in parallel. For more information, see "Load Sharing Multicast Mode" and "Load Sharing Unicast Mode". Synonyms: Active/Active, Load Balancing mode. Acronym: LS. Unicast Mode assigns traffic to Cluster Members:

Total number of Cluster Members

% of traffic inspected by the Pivot member

% of traffic inspected by each of the non-Pivot members

1

100

N / A

2

30

(100% - (% of traffic inspected by PivotClosed A Cluster Member in the Unicast Load Sharing cluster that receives all packets. Cluster Virtual IP addresses are associated with Physical MAC Addresses of this Cluster Member. This Pivot Cluster Member distributes the traffic between other Non-Pivot Cluster Members. member)) / (# of non-PivotClosed A Cluster Member in the Unicast Load Sharing cluster that receives all packets from the Pivot Cluster Member. members) =

(100% - 30%) / 1 = 70%

3

20

(100% - (% of traffic inspected by Pivot member)) / (# of non-Pivot members) =

(100% - 20%) / 2 = 40%

4

10

(100% - (% of traffic inspected by Pivot member)) / (# of non-Pivot members) = (100% - 10%) / 3 = 30%

5

0

(100% - (% of traffic inspected by Pivot member)) / (# of non-Pivot members) = (100% - 0%) / 4 = 25%

Note - See the maximum supported number of Cluster Members in the R80.40 Release Notes.

To change the default assigned traffic load:

  1. Back up the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. / applicable Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

    Refer to:

  2. Close all SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. windows.

    Note - To make sure there are no activeClosed State of a Cluster Member that is fully operational: (1) In ClusterXL, this applies to the state of the Security Gateway component (2) In 3rd-party / OPSEC cluster, this applies to the state of the cluster State Synchronization mechanism. sessions, run the "cpstat mg" command in the Expert mode on the Security Management Server / in the context of each Domain Management Server.

  3. Connect with Database Tool (GuiDBEdit Tool) to the Security Management Server / applicable Domain Management Server.

  4. In the top left pane, go to Table > Network Object > network_objects.

  5. In the top right pane, select the applicable Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / Cluster object.

    Note - In the column "Class Name":

  6. Press the CTRL+F keys (or go to the Search menu > click Find) > paste Pivot_overhead> click Find Next.

  7. Change the value of the Pivot_overhead attribute for your needs:

    • To make the Pivot member inspect more traffic - decrease the value of "Pivot_overhead".

    • To make the Pivot member inspect less traffic - increase the value of "Pivot_overhead".

  8. Save the changes: go to the File menu > click Save All.

  9. Close the Database Tool (GuiDBEdit Tool).

  10. Connect with SmartConsole to the Security Management Server / applicable Domain Management Server.

  11. Install the Access Control Policy on the applicable Cluster object.