Solved

Checkpoint IP Appliances

Posted on 2010-08-27
5
488 Views
Last Modified: 2013-11-16
Hi,

Is it possible to configure clustering on different IP subents, either for load sharing or active/passive

I.e. one firewall located on site A another in Site B
0
Comment
Question by:skywalker101
  • 2
  • 2
5 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 33542538
Not sure I understand your requirements here.

Can you elaborate a little?  Please give an example using a basic diagram with networks listed at each site.
0
 

Author Comment

by:skywalker101
ID: 33542889
Hi,

I have attached diagram 2 sites with replica hardware in each site, it a DR senario but I want to loadshare between each site. The Ip's are fake but it will be the same concept.  The idea is if one firewall fails the other site will take the load without have 2 firewalls in each site

Each site will be on a different subnet, so I don't think this is possibe as the default gateway of the router connecting the LAN, will be pointing to the firewall which will be on a differnet subnet, although I am not sure
basic-network.vsd
0
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 33543618
Thats a lot clearer thanks.

In short, given this deployment, then no, you cannot cluster these devices.

Reasons include:

1.  Multiple WAN connections can be catered for using ISP redundancy, but this cannot be actioned over a cluster in different sites
2.  Each cluster interface needs to be in the same subnet to allow for the cluster IP creation.

If you had full layer 2 connectivity between each site and kept the same subnets on each side, you can then cluster across 2 sites, but the main requirement is layer2 connectivity,

HTH
0
 

Author Comment

by:skywalker101
ID: 33543863
Thanks

Layer 2 is still a Possibility.  Have not decided on Layer 2 or layer 3 connecting the sites
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
palo alto VM series in AWS 3 91
Network Activities  please help 16 76
How to create one more DMZ subnet? 8 69
Checkpoint Endpoint Managment 3 65
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now