The Synchronization Network

The Synchronization Network A set of interfaces on Cluster Members that were configured as interfaces, over which State Synchronization information will be passed (as Delta Sync packets ). The use of more than one Synchronization Network for redundancy is not supported because the CPU load will increase significantly due to duplicate tasks performed by all configured Synchronization Networks. Synonyms: Sync Network, Secured Network, Trusted Network. is used to transfer synchronization information about connections and other Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. states between Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members.

The synchronization network carries the most sensitive Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. information in the organization. Therefore, it is critical that you protect it against both malicious and unintentional threats.

We recommend that you secure the synchronization interfaces using one of the following strategies:

• Enable the CCP Encryption (this is the default) on the Cluster Members (see Configuring the Cluster Control Protocol (CCP) Settings).

• Use a dedicated synchronization network.

• Connecting the physical network interfaces of the Cluster Members directly using a cross-cable. In a cluster with three or more members, use a dedicated hub or switch.

Notes: See Supported Topologies for Synchronization Network. You can synchronize members across a WAN. See Synchronizing Clusters on a Wide Area Network. In ClusterXL Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic., the synchronization network is supported on the lowest VLAN tag of a VLAN interface. For example, if three VLANs with tags 10, 20 and 30 are configured on interface eth1, only interface eth1.10 may be used for synchronization.