Understanding Full High Availability Cluster on Appliances
In a Full High Availability Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. on two Check Point Appliances, each appliance runs both as a ClusterXL Cluster Member Security Gateway that is part of a cluster. and as a Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server., in High Availability mode.
|
Important - You can deploy and configure a Full High Availability Cluster only on Check Point Appliances that support Standalone Configuration in which the Security Gateway and the Security Management Server products are installed and configured on the same server. configuration. See the R81 Release Notes and Installing a Standalone. |
This deployment reduces the maintenance required for your systems.
In the image below, the appliances are denoted as (1) and (3).
The two appliances are connected with a direct synchronization connection (2) and work in High Availability mode:
-
The Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. on one appliance (for example, 1) runs as Primary, and the Security Management Server on the other appliance (3) runs as Secondary.
-
The ClusterXL on one appliance (for example, 1) runs as Active, and the ClusterXL on the other appliance (3), runs as Standby.
-
The ClusterXL Cluster Members synchronize the information about the traffic over the synchronization connection (2).
For information on ClusterXL functionality, see the R81 ClusterXL Administration Guide.
For information on Security Management Servers, see the R81 Security Management Administration Guide.
|
Important - SmartEvent Server is not supported in Management High Availability and Full High Availability Cluster environments (sk25164). For these environments, install a Dedicated SmartEvent Server (see Installing a Dedicated Log Server or SmartEvent Server). |