Solved

Checkpoint IP Appliances

Posted on 2010-08-27
5
484 Views
Last Modified: 2013-11-16
Hi,

Is it possible to configure clustering on different IP subents, either for load sharing or active/passive

I.e. one firewall located on site A another in Site B
0
Comment
Question by:skywalker101
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 33542538
Not sure I understand your requirements here.

Can you elaborate a little?  Please give an example using a basic diagram with networks listed at each site.
0
 

Author Comment

by:skywalker101
ID: 33542889
Hi,

I have attached diagram 2 sites with replica hardware in each site, it a DR senario but I want to loadshare between each site. The Ip's are fake but it will be the same concept.  The idea is if one firewall fails the other site will take the load without have 2 firewalls in each site

Each site will be on a different subnet, so I don't think this is possibe as the default gateway of the router connecting the LAN, will be pointing to the firewall which will be on a differnet subnet, although I am not sure
basic-network.vsd
0
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 33543618
Thats a lot clearer thanks.

In short, given this deployment, then no, you cannot cluster these devices.

Reasons include:

1.  Multiple WAN connections can be catered for using ISP redundancy, but this cannot be actioned over a cluster in different sites
2.  Each cluster interface needs to be in the same subnet to allow for the cluster IP creation.

If you had full layer 2 connectivity between each site and kept the same subnets on each side, you can then cluster across 2 sites, but the main requirement is layer2 connectivity,

HTH
0
 

Author Comment

by:skywalker101
ID: 33543863
Thanks

Layer 2 is still a Possibility.  Have not decided on Layer 2 or layer 3 connecting the sites
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now