
Author Topic: ERS 4850 Checkpoint Clustering  (Read 2366 times)


Offline mcrabb

  • Rookie
  • **
  • Posts: 2
ERS 4850 Checkpoint Clustering
« on: April 17, 2015, 07:26:20 AM »
I'm having some trouble setting up an ERS 4850 with Checkpoint firewalls and clustering using either multicast or unicast. I think the VIP address is only registered to one port on the switch. Anyone set one up before?


Offline Dominik

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1564
    • Networkautobahn
Re: ERS 4850 Checkpoint Clustering
« Reply #1 on: April 17, 2015, 08:05:07 AM »
What do you have configured on the Checkpoint?

Most common is to have active/passive bond interfaces on the Checkpoint FW. When a failover happens, the Checkpoint will send a gratuitous ARP so that the VIP can become active on the second node.
That works without any special configuration on the ERS4850 in my experience.

Do you have the ERS4850 with an L3 configuration in your network?

Cheers
It's always the network's fault!
networkautobahn.com

Offline mcrabb

  • Rookie
  • **
  • Posts: 2
Re: ERS 4850 Checkpoint Clustering
« Reply #2 on: April 17, 2015, 08:17:23 AM »
Thanks for your reply. I have two ERS 4850 switches: one connected to our ISP (external switch), no advanced license, and two external interfaces of the Checkpoint, and the other (internal switch) with a couple of DMZs and connections back to our core Passports running OSPF. The Checkpoints are Active/Active load balanced using unicast, but when both members are running, traffic is hit and miss; shut one member down and traffic is fine.

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: ERS 4850 Checkpoint Clustering
« Reply #3 on: April 17, 2015, 04:16:02 PM »
Not sure if it's the same issue as you, but when we installed our Checkpoints we had lots of problems trying to run Active/Active with OSPF. Failover was taking 15 minutes when one node was taken off-line. We eventually changed to Active/Passive and that fixed our issues.