Configuring Security Group High Availability

Setting Security Group Weights (High Availability Factors)

Each hardware component in a Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. Member has a quality weight factor, which sets its relative importance to overall Security Group health.

For example, ports are more important than other components and are typically assigned a higher weight value.

The Security Group Member grade is the sum of all component weight values.

In a dual Dual Site environment, the Security Group with the higher grade becomes Active and handles traffic.

The grade for each component is calculated based on this formula:

(Unit Weight) x (Number of components in the UP state)

To see the weight of each component, run in Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group. on a Security Group:

asg stat -v