Table of Contents
Advertisement
7
Configuring Traffic Management
Clustering Description
IPSO 3.6 and later lets you create firewall/VPN clusters that provide fault
tolerance and dynamic load balancing. A cluster is made up of multiple
appliances (nodes) that share common IP addresses, and it appears as a single
system to the networks connected to it.
A cluster continues to function if a node fails or is taken out of service for
maintenance purposes. The connections being handled by the failed node are
transferred to one of the remaining nodes.
IPSO clusters are also scalable with regard to VPN performance—as you add
nodes to a cluster, the VPN throughput improves.
IPSO clusters support a variety of Check Point VPN-1/FireWall-1 NG
features, including:
Synchronizing state information between firewalls
!
!
Firewall flows
Network address translation
!
VPN encryption
!
Note
All cluster nodes must run the same version of VPN-1/FireWall-1.
Example Cluster
The following diagram shows a cluster with two nodes, firewall A and
firewall B. The cluster balances inbound and outbound network traffic
between the nodes. If an internal or external interface on one of the nodes
fails, or if a node itself fails, the existing connections handled by the failed
344
Voyager Reference Guide
Advertisement
Table of Contents
