Configuring Services not to Synchronize

Synchronization of connections incurs a performance cost. Not all connections that go through a clusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. must be synchronized:

You may choose not to synchronize a service if these conditions are true:

You can have a synchronized service and a non-synchronized definition of a service, and use them selectively in the Rule BaseClosed All rules configured in a given Security Policy. Synonym: Rulebase.. For more information, see the R80.40 Security Management Administration Guide.

To configure a service not to synchronize in a cluster:

  1. In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., click Objects > Object Explorer.

  2. In the left tree, select Services.

  3. Double-click the applicable existing synchronized service, for which you need to create a non-synchronized counterpart service.

  4. Write downClosed State of a Cluster Member during a failure when one of the Critical Devices reports its state as "problem": In ClusterXL, applies to the state of the Security Gateway component; in 3rd-party / OPSEC cluster, applies to the state of the State Synchronization mechanism. A Cluster Member in this state does not process any traffic passing through cluster. all the settings from both the General and Advanced pages.

  5. Click OK.

  6. Click New > Service > > select the applicable service type.

  7. Enter the applicable name that distinguishes the new non-synchronized counterpart service from the existing synchronized service.

  8. On the General page, configure the same settings as in the existing synchronized service.

  9. On the Advanced page:

    1. Configure the same settings as in the existing synchronized service.

    2. In the Cluster and synchronization section, clear Synchronize connections if State Synchronization is enabled on the cluster.

      Important - This change applies to all policies that use this service.

  10. Click OK.

  11. Close the Object Explorer.

  12. Use the synchronized service and the non-synchronized counterpart service in the applicable rules in the applicable Access Control Policies.

  13. Publish the SmartConsole session.

  14. Install the Access Control Policy on the cluster object.