Geo Cluster

R81.20 introduced support for ClusterXLClosed Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. High AvailabilityClosed A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA. mode in a Cloud (Geo ClusterClosed A High Availability cluster mode (in versions R81.20 and higher), where cluster members are located in different cloud availability zones. This mode supports the configuration of IP addresses from different subnets on all cluster interfaces, including the Sync interfaces. The Active cluster member inspects all traffic routed to the cluster and synchronizes the recorded connections to its peer cluster members. The traffic is not balanced between the cluster members. See "High Availability".).

This mode is designed for a clusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. with Cluster Members located in different cloud availability zones.

Each Cluster MemberClosed Security Gateway that is part of a cluster. inspects all traffic routed to it and synchronizes the recorded connections to its peer Cluster Members.

Each Cluster Member monitors its cluster state and the state of the peer Cluster Member.

If there is a cluster failureClosed A hardware or software problem that causes a Security Gateway to be unable to serve as a Cluster Member (for example, one of cluster interface has failed, or one of the monitored daemon has crashed). Cluster Member that suffered from a failure is declared as failed, and its state is changed to Down (a physical interface is considered Down only if all configured VLANs on that physical interface are Down)., the cluster fails over.

For deployment of the Geo Cluster in a cloud, see the CloudGuard Network for AWS Cross Availability Zone Cluster Deployment Guide.