Splat HA without ClusterXL

[greenhold]

I have installed 2 ngx65 splat servers and 1 smartcenter ngx65 splat server. The 2 enforcement's are FW/VPN only, they were setup as cluster members, and then the Smartcenter server was setup as just the primary smartcenter server only.

I have pulled the topology into smartdashboard for both enforcements, sic is good, etc.. and I have setup the VIP's for the external and interal cluster topology. However I cannot ping the internal or external VIP's (there is an any any rule setup and when I dump the interfaces the pings to the VIP aren't showing up on either fw or in the logs)...

I've been looking through the ClusterXL doc's, but they aren't much help... Do you still use VIP's with classic HA and no clusterXL? Thanks for any feedback!

[mcnallym]

You should create a Check Point Cluster object and then attach both boxes into the cluster. You then define the Cluster IP on the Cluster Object.

Set the CLusterXL to be High Availability and that should be all. You still use ClusterXL and it should be enabled at the cli of the gateway.

[greenhold]

I did create the Cluster object and add the members, but I removed the checkbox from the ClusterXL option, since I just want to do HA without ClusterXL... So I need to leave the ClusterXL checked and I won't have to buy a ClusterXL license?

[greenhold]

Well the VIP does now respond and everything is working as I had originally hoped it would, I just want to confirm that I won't have to buy a ClusterXL license?

Thanks again for your time!

[Thorpuse]

A ClusterXL license is only required if you want to use Load-Sharing. In active-standby, no CXL license is required.

[greenhold]

Great, Thanks!