Quick Question using HA with Load Balancing

[ds5879]

We currently have 2 SPLAT (R65) firewalls running in Active/Standby type mode with SecureXL HA. I would like to enable the load balancing so we can utilize both firewalls instead of one just being in standby. Is this as simple as selecting that option of Load Balance under the cluster properties (or do I need a different license?)? We have a virtual ip on the inside of our firewalls for the default gw for internal clients and then a virtual IP on the outside. And if we use multicast for the load balancing does that mean that multicast routing needs to be set up on the switches that the firewall connects to? Thanks in advance!

[Pascal01]

Hi, it's indeed as simple as choosing 'load sharing' in stead of High availability in the cluster XL configuration tab. You will need a license to run in ct/act mode!

[MarioL]

Active/Active is an extra license, so you will need to spend some $$. Search for "ClusterXL for Load Sharing" https://pricelist.checkpoint.com/pri...enerallist.jsp

Do you really have enough traffic that you feel you need 2 boxes running? Nowadays most firewalls can handle quite a bit of throughput.

[Thorpuse]

Running Load Sharing with only two nodes is risky as well - consider the scenario where both devices are running at >50% utilisation, and one fails....

If you're serious about needing load sharing, you should be doing this with 3-4 devices to get the best results from a performance and redundancy view. The idea that you need to run load sharing to "use" the other box is not a good view to encourage.

[cciesec2006]

we're using ClusterXL Active/Active R55 where I am at on Intel platforms
and it is working just fine. The Enforcement module is a pair of Dell
1950 (dual Xeon 3.0 GHz with 2GB RAM). CPU is running at about 10%
on each firewall with about 500Mb memory utilization.

By the way, we use ClusterXL load-sharing unicast mode. It is
much simpler to configure and manage and broadcast mode.

It's is not risky at all.