Configuring Security Group High Availability
Setting Security Group Weights (High Availability Factors)
Each hardware component in a Security Group Member has a quality weight factor, which sets its relative importance to overall Security Group health.
For example, ports are more important than other components and are typically assigned a higher weight value.
The Security Group Member grade is the sum of all component weight values.
In a dual Dual Site environment, the Security Group with the higher grade becomes Active and handles traffic.
The grade for each component is calculated based on this formula:
|
To see the weight of each component, run in Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group. on a Security Group:
|
Description
Use the "set chassis high-availability factors
" command to configure a hardware component's weight.
Syntax in Gaia gClish of the Security Group
|
|
Parameters
Parameter |
Description |
---|---|
|
Weight factor for a Security Group Member. Valid range: integer between 0 and 1000. |
|
High grade port factor. Valid range: integer between 0 and 1000. |
|
Standard grade port factor. Valid range: integer between 0 and 1000. |
|
Management port factor. Valid range: integer between 0 and 1000. |
|
Bond interface factor. Valid range: integer between 0 and 1000. |
Examples
|
|
|
Setting the Quality Grade Differential
Description
Use the "set chassis high-availability failover
" command in Gaia gClish to set the minimum quality grade differential that causes a failover.
Syntax in Gaia gClish of the Security Group
|
Parameters
Parameter |
Description |
---|---|
|
Minimum difference in Chassis quality grade to trigger a failover. Valid values: 1 - 1000. |