ClusterXL is a Check Point software-based cluster solution for Security Gateway redundancy and Load
Sharing.
- A High Availability Security Cluster ensures Security Gateway and VPN connection redundancy by providing transparent failover to a backup Security Gateway in the event of failure.
- High Availability mode supports both IP v4 and IP v6.
- A Load Sharing Security Cluster provides reliability and also increases performance, as all members are active.
- Load Sharing mode supports only IP v4.
How ClusterXL Works
ClusterXL uses State Synchronization to keep active connections alive and prevent data loss when a
Cluster Member fails. With State Synchronization, each Cluster Member “knows” about connections that go
through other Cluster Members.
ClusterXL uses virtual IP addresses for the cluster itself and unique physical IP and MAC addresses for the
Cluster Members. Virtual IP addresses do not belong to physical interfaces.
The Cluster Control Protocol
The Cluster Control Protocol (CCP) packets are the glue that links together the members in the Security Cluster.
CCP runs on UDP port 8116 between the Cluster Members, and has the following roles:
- It allows Cluster Members to report their own states and learn about the states of other members by sending keep-alive packets (this only applies to ClusterXL clusters).
- State Synchronization (Delta Sync).
Supported Configuration/deployment models:
- A Distributed configuration – the Cluster Members and the Security Management Server are installed on different computers.
- A Full High Availability configuration – the Cluster Members and the Security Management Servers are installed on the same computers (each computer runs a Standalone configuration).
ClusterXL can be installed on Open Servers only in a distributed configuration – not supported in standalone configurations (SMS + GW in same box).
- ClusterXL in High Availability mode supports up to 5 Cluster Members.
- ClusterXL in Load Sharing mode supports up to 5 Cluster Members.
- VRRP Cluster on Gaia OS supports only 2 Cluster Members.
- Virtual System Load Sharing (VSLS) mode supports up to 13 Cluster Members.