Configuring a VSX Cluster in the High Availability Mode

VSX GatewayClosed Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. High Availability is the default clusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. configuration.

If Virtual System Load SharingClosed VSX Cluster technology that assigns Virtual System traffic to different Active Cluster Members. Acronym: VSLS. (VSLS) is not active, a VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster functions in the VSX Gateway High Availability mode.

All VSX Cluster Members must be configured to use the same clustering mode.

To configure VSX Cluster Members for VSX Gateway High Availability:

During the GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. First Time Configuration Wizard, on the Products page, select ClusterXL.

For more information, see the R81 Installation and Upgrade Guide.

Virtual Switches in a High Availability VSX Cluster

In a VSX Cluster, Virtual Switches are also clustered for redundancy and are defined as Active/Active.

The physical interface connected to the Virtual SwitchClosed Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical switch. Acronym: VSW. is monitored by means of the Cluster Control Protocol (CCP).

In the event of a failover, all Virtual Systems on the Standby VSX Cluster MemberClosed Security Gateway that is part of a cluster. become Active, and send Gratuitous ARP Requests from the warp interface between the Virtual SystemClosed Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. and the Virtual Switch.

Item

Description

1

Active VSX Cluster Member

2

Standby VSX Cluster Member

3

Virtual Switch Cluster

4

Active Virtual Switch

5

Virtual System 1

Physical Link

Warp LinkClosed Logical interface that is created automatically in a VSX topology between: (1) Virtual System and Virtual Switch (2) Virtual System and Virtual Router. Acronym: WRP.

In the above figure, a simplified VSX Cluster contains two VSX Cluster Members in the High Availability mode, one Active, and the other Standby.

The Virtual Switches within each VSX Cluster are Active/Active.

When the physical interface connected to either Virtual Switch fails to respond, a failover occurs.