Advanced Clustering Configuration

This section presents several advanced cluster scenarios and procedures for their configuration.

Monitoring all VLANs in VSX Cluster

By default, ClusterXL only monitors two VLANs for failure detection and failover.

These are the highest and lowest VLAN tags defined for a given interface.

For example, if the topology for interface eth1 includes several VLAN tags in the range of eth1.10 to eth1.50, ClusterXL only monitors VLANs eth1.10 and eth1.50 for failure. Failures on any of the other VLANs are not detected in the default configuration.

Note - The command "cphaprob -a if" (or the Gaia Clish command "show cluster interfaces vlans") shows the highest and lowest VLANs that are monitored.

When both the highest and lowest VLANs fail, all the VLANs are considered down, and a failover occurs.

This means that if a VLAN that is not the highest or lowest goes down, the VLAN Trunk is still considered "up", and no failover occurs.

There are instances in which it would be advantageous to monitor all the VLANs in the trunk, not just the highest and lowest, and initiate a failover when any one of the VLANs goes down.

To enable monitoring of all VLANs, set the value of the kernel parameter "fwha_monitor_all_vlan" to 1 in the $FWDIR/boot/modules/fwkern.conf file. For more information, see sk92826 and Working with Kernel Parameters on Security Gateway.
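The following shell helper is an added example, not Check Point code: it sets the parameter in fwkern.conf idempotently, so repeated runs leave exactly one entry and other parameters untouched. The function names are hypothetical, and it assumes the file holds one name=value entry per line with no spaces and is read at boot.

```shell
#!/bin/sh
# Added example (not from the vendor documentation).
# Assumption: fwkern.conf holds one "name=value" entry per line, no spaces.

# set_kernel_param FILE NAME VALUE
# Replaces any existing entry for NAME and keeps every other line as it was.
set_kernel_param() {
    conf=$1; name=$2; value=$3
    [ -n "$conf" ] && [ -n "$name" ] && [ -n "$value" ] || return 2
    # The file may not exist on a gateway with no custom kernel parameters.
    [ -f "$conf" ] || : > "$conf" || return 1
    # Keep a copy of the previous state for rollback.
    cp -p "$conf" "$conf.bak" || return 1
    tmp="$conf.tmp.$$"
    # Drop earlier entries for NAME, including ones written with stray spaces.
    awk -v n="$name" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, kv, "=")
        key = kv[1]
        sub(/[ \t]+$/, "", key)
        if (key != n) print
    }' "$conf.bak" > "$tmp" || return 1
    printf '%s=%s\n' "$name" "$value" >> "$tmp" || return 1
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# get_kernel_param FILE NAME
# Prints the configured value; returns 1 when NAME is not present.
get_kernel_param() {
    awk -F= -v n="$2" '$1 == n { v = $2; found = 1 }
        END { if (!found) exit 1; print v }' "$1"
}

# On the cluster member (Expert mode):
#   set_kernel_param "$FWDIR/boot/modules/fwkern.conf" fwha_monitor_all_vlan 1
# After the member has rebooted, confirm the running value:
#   fw ctl get int fwha_monitor_all_vlan
```

Apply the same setting on every cluster member so that all members make the same failover decision.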