CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
2. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
3. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Clustering (Security Gateway HA and ClusterXL)
Reload this Page ClusterXL WAN Syncronization
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-01-11
ppnair@gmail.com ppnair@gmail.com is offline
Member
  
Join Date: 2007-01-10
Posts: 34
Rep Power: 0
ppnair@gmail.com has an average reputation (10+)
Default ClusterXL WAN Syncronization
Hello Everybody,

I need help to understand what the manual mean by the following statement on Page#24 on ClusterXL User's guide:

"2. The synchronization network may only include switches and hubs. No routers are allowed on the synchronization network, because routers drop Cluster Control Protocol packets."

I have a DR site 50 miles away connected with Fiber. Right now it is connected using both end routers. So replacing these two routers with a Cisco Catalyst 6000 routing switch will meet this above statement need. I mean still we can router the other traffic using routing protocols? Please explain and also please let me know how you all have implemented. Is it is strongly suggested to have a dedicated Syncronization link? Appreciate your advice.
Reply With Quote
  #2 (permalink)  
Old 2007-01-11
northlandboy northlandboy is offline
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 808
Rep Power: 3
northlandboy has an average reputation (10+)
Default Re: ClusterXL WAN Syncronization
They mean that you have to bridge the CCP traffic, you can't route it.

This only applies to the cluster interface obviously.

You should use a dedicated interface on the firewall itself, although this often ends up going across a shared physical link if you're doing that sort of bridging. As long as bandwidth is OK it's not a problem.
Reply With Quote
  #3 (permalink)  
Old 2007-01-11
ppnair@gmail.com ppnair@gmail.com is offline
Member
  
Join Date: 2007-01-10
Posts: 34
Rep Power: 0
ppnair@gmail.com has an average reputation (10+)
Default Re: ClusterXL WAN Syncronization
Wow Northlandboy,

How did you connected in such cases? Would you please list out the devices and the connections? Also is it a recommened secure way to have only the syncronization traffic on this WAN link; I am both ends with switches...??
Reply With Quote
  #4 (permalink)  
Old 2007-01-17
ppnair@gmail.com ppnair@gmail.com is offline
Member
  
Join Date: 2007-01-10
Posts: 34
Rep Power: 0
ppnair@gmail.com has an average reputation (10+)
Default Re: ClusterXL WAN Syncronization
Does someone have a advice for me please?
Reply With Quote
  #5 (permalink)  
Old 2007-01-18
Porter Porter is offline
Senior Member
  
Join Date: 2006-07-10
Posts: 164
Rep Power: 3
Porter has an average reputation (10+)
Default Re: ClusterXL WAN Syncronization
IP Clustering across large geographical distances
__________________
misery is optional
Reply With Quote
  #6 (permalink)  
Old 2007-01-19
ppnair@gmail.com ppnair@gmail.com is offline
Member
  
Join Date: 2007-01-10
Posts: 34
Rep Power: 0
ppnair@gmail.com has an average reputation (10+)
Default Re: ClusterXL WAN Syncronization
Hi Porter,

I appreciate the response. What kind of typical throughput were you seeing through your firewalls, and how many firewalls did you have in the cluster?

Sorry that this is the same queries asked by TDGAST in your orginal post "http://www.cpug.org/forums/showthread.php?p=8613#post8613"

Appreciate your feedback and details...

Praveen
Reply With Quote
  #7 (permalink)  
Old 2007-01-21
Porter Porter is offline
Senior Member
  
Join Date: 2006-07-10
Posts: 164
Rep Power: 3
Porter has an average reputation (10+)
Default Re: ClusterXL WAN Syncronization
you're welcome!
2 clusters with 2 members each, currently about 80 interfaces at all..throughput I have to check first, let you know then
__________________
misery is optional
Reply With Quote
  #8 (permalink)  
Old 2007-01-30
Porter Porter is offline
Senior Member
  
Join Date: 2006-07-10
Posts: 164
Rep Power: 3
Porter has an average reputation (10+)
Default Re: ClusterXL WAN Syncronization
sry, can't provide you with further information about the stuff
__________________
misery is optional
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 02:14.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0