TABLE OF CONTENTS We now take a look at the Check Point ClusterXL clustering solution. ClusterXL FP3 can actually be configured to work in three different modes. Each mode provides different functionality and has differences in the underlying clustering mechanisms:
HA New mode New mode gateways maintain online, unique IP addresses in addition to Virtual IP (VIP) addresses that are shared over the cluster. Traffic for the VIP is handled by the master gateway only.
HA Legacy mode (as available in previous versions of ClusterXL) Provides HA by providing standby gateways configured with the same addresses as the master gateway. The standby gateway interfaces remain disabled unless the master fails, and the gateway is promoted to master.
Load Sharing mode As with HA New mode, all gateways have unique IPs and shared VIPs. However, all gateways are live and share the traffic load.
| Note | Nokia does not support Cluster XL. Load sharing/balancing has to be done via VRRP or Nokia's IP Clustering (ISPO 3.6 and later). |
We begin by looking at HA New mode.
In this section, we describe how to configure Check Point FireWall-1 ClusterXL in HA New mode. In this example, we set up a two-member HA cluster using ClusterXL. Before we proceed with configuring the cluster, we need to make sure that we are starting from a point at which all the other essential tasks have already been completed.
Before configuring the cluster...
