Configuring ClusterXL

This procedure describes how to configure the Load SharingClosed A redundant cluster mode, where all Cluster Members process all incoming traffic in parallel. For more information, see "Load Sharing Multicast Mode" and "Load Sharing Unicast Mode". Synonyms: Active/Active, Load Balancing mode. Acronym: LS. Multicast, Load Sharing Unicast, and High AvailabilityClosed A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA. modes from scratch.

Their configuration is identical, apart from the mode selectionClosed The packet selection mechanism is one of the central and most important components in the ClusterXL product and State Synchronization infrastructure for 3rd-party clustering solutions. Its main purpose is to decide (to select) correctly what has to be done to the incoming and outgoing traffic on the Cluster Member. (1) In ClusterXL, the packet is selected by Cluster Member(s) depending on the cluster mode: In HA modes - by Active member; In LS Unicast mode - by Pivot member; In LS Multicast mode - by all members. Then the Cluster Member applies the Decision Function (and the Cluster Correction Layer). (2) In 3rd-party / OPSEC cluster, the 3rd-party software selects the packet, and Check Point software just inspects it (and performs State Synchronization). in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object or Cluster creation wizard.

Installing Cluster Members

Step

Instructions

1

See ClusterXL Requirements and Compatibility.

2

See R80.40 Installation and Upgrade Guide.

Configuring Routing for Client Computers

Example topology:

[internal network 10.10.2.0/24] --- (VIP 10.10.2.100/24) [Cluster] (VIP 192.168.2.100/24) --- [external network 192.168.2.0/24]

To configure routing for client computers:

  1. Computers on the internal network 10.10.2.0/24 must be configured with Default Gateway IP 10.10.2.100

  2. Computers on the external network 192.168.2.0/24 must be configured with Default Gateway IP 192.168.2.100

  3. For Proxy ARP configuration, see sk30197.

  4. In addition, see Cluster IP Addresses on Different Subnets.