Checkpoint Clustering vs. Cisco ASA Clustering

2016-08-28, 20:00
Hi Team,

I want to understand the fundamental difference between the clustering architectures of Checkpoint vs. Cisco, especially with regard to session replication. In Cisco ASA Clustering, each session is only replicated to one of the nodes in the cluster, and hence they are claiming linear growth in performance, as more connections can be handled. If my understanding serves me right, the Checkpoint cluster, especially in the multicast load-sharing mode, replicates all the firewall sessions among all the members to ensure the connection never fails because of a node going down.

However, assume a scenario wherein the max no. of connections allowed per node is 1 million sessions, and the cluster receives & processes 1 million connections; all these connections will be replicated by all the nodes in the cluster. Will this limit the cluster from processing more sessions, as the memory table handling the connection table would be full across all the nodes in the cluster? Does Checkpoint support 2 separate connection tables, one for the sessions processed by the node itself & the other for connections synced from the other nodes in the cluster? If this is true, then it will scale just like the Cisco ASA cluster.

Please let me know if my understanding is correct.