Configuring High Availability

Background

ClusterClosed Two Quantum Spark Appliances connected to each other for High Availability. maintains connections in the organization's network when there is a failure in one of the Cluster Members. The cluster provides redundancy.

In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. connected to your Management ServerClosed A Check Point Security Management Server or a Multi-Domain Security Management Server., you configure a Small Office Cluster object and install a security policy on that cluster object.

Limitations

  • You cannot create a cluster when you have a switch or bridge defined in the network settings on the appliance. If necessary, change network settings in the Device > Local Network page.

  • It is not supported to configure a Cluster of Quantum Spark Appliances when an Internet connection is a Bond interface.

  • Cluster requires Static IP addresses on the physical cluster interfaces.

  • Cluster does not support pure IPv6 addresses on cluster interfaces (you must also configure IPv4 addresses).

Prerequisites

  • In WebUI > Device > Local Network, delete bridge and switch configurations before you start to configure a cluster.

  • The appliances in a cluster must have the same hardware, firmware, and licenses.

    Note - Connect the sync cables only after you complete the First Time Configuration Wizard and remove the switch on both appliances. No additional configuration is required on the members.

Best Practice - Designate the same LAN port for the Sync interface. The default Sync interface is LAN2/SYNC.

Notes:

  • You can use a Bond interface in the Active-Backup mode as a Sync interface only in Centrally Managed appliances.

  • You can configure a maximum of two subordinate Bond ports when the Bond serves as a Sync interface.

  • The two subordinate Bond ports can be connected directly between the members or through a switch:

    • In a direct connection, the cable connects between the dedicated subordinate Sync ports on the appliances.

    • With a switch, the cables connect between the dedicated subordinate Bond ports on the appliances and the corresponding ports on a switch between the appliances.

Note - A cluster in a Bridge Active/Standby mode is supported.