 Re: new to clustering need help
In Checkpoint Clustering mode, whether it is Nokia VRRP or ClusterXL in Active/Standby
or Active/Active (Unicast mode) or Active/Active (multicast), both of the firewall
will share the same SA.
The third party only knows a single SA. The concept is similar to Cisco IPSec
stateful failover with InterProcess Communication (IPC/SSO). In the Cisco IPSec
scenario, when the Active router fails, the standby router will take over with
the SAME SA. The third party VPN does not even know because nothing changed.
Does that make sense? |