Sync Redundancy

The use of more than one physical synchronization interface (1st sync, 2nd sync, 3rd sync) for synchronization redundancy is not supported. For synchronization redundancy, you can use bond interfaces.

Requirements and Limitations:

• The bond subordinate interfaces on each Cluster Member Security Gateway that is part of a cluster. must connect to the same switch or VLAN (for example, physical interface eth1 on all Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members must connect to the same switch).

• We recommend that interfaces and other network hardware support the IEEE 802.3 bond mode.

• If you use a Bond in High Availability A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA. mode, you must add subordinate interfaces to the bonding group in the same order on all Cluster Members.

Important - See Supported Topologies for Synchronization Network.

To configure bond interfaces for Sync High Availability:

1. Configure a bond interface on each Cluster Member with unused subordinate interfaces. See Configuring a Bond Interface in High Availability Mode.

2. Connect with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

3. From the left navigation panel, click Gateways & Servers.

4. Open the cluster object.

5. From the left tree, click Network Management.

6. At the top, click Get Interfaces > Get Interfaces With Topology.

7. Select the applicable interface and click Edit.

8. In the General section, in the Network Type field, select Sync.

9. Click OK.

10. Install the Access Control Policy on this cluster object.

11. On each Cluster Member, make sure that the Sync interfaces are in the bond.

    Examine the cluster interfaces in one of these ways:

    • In Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).:

      show cluster members interfaces all

    • In the Expert mode:

      cphaprob -am if

    See Viewing Cluster Interfaces.