We currently have an Active/Standby Check Point ClusterXL firewall setup in our main data facility. We have two buildings and have recently built a secondary DR data center in the building. We originally were just going to move the 2nd inactive firewall to the other building (all interfaces are on VLANs that are trunked between buildings, so private, public, DMZ, and heartbeat are all on separate VLANs available in both buildings).
After some thought, by moving the secondary firewall we will lose the resiliency in the primary site. Assuming the VLANs were up between the sites, this should be able to serve off the secondary firewall in the secondary site, but we have since decided to purchase another firewall instead and add it to the ClusterXL.
1. How many Check Point 4600 firewall appliances running Gaia can I put in a ClusterXL environment?
2. Can I set a priority or weight for which appliances should be elected as active if the heartbeat (sync channel) fails? My understanding is that if the sync channel fails, the nodes determine which is to be active. If the fiber goes dark between our buildings (our VLAN trunk), both buildings would in essence think they are capable of running the active firewall. If one building is destroyed, I need to have a mechanism for telling how to elect the active firewall.
Any information, setup or config recommendations...