Overview
244 Check Point UTM-1 Edge User Guide
4. When a gateway that was offline comes back online, or a gateway's priority
changes, the gateway sends a heartbeat notifying the other gateways in the
cluster.
If the gateway's priority is now the highest, it becomes the Active Gateway.
The UTM-1 appliance supports Internet connection tracking, which means that each
appliance tracks its Internet connection's status and reduces its own priority by a user-
specified amount, if its Internet connection goes down. If the Active Gateway's priority
drops below another gateway's priority, then the other gateway becomes the Active
Gateway.
Note: You can force a fail-over to a passive UTM-1 appliance. You may want to do
this in order to verify that HA is working properly, or if the active UTM-1 appliance
needs repairs. To force a fail-over, switch off the primary box or disconnect it from
the LAN network.
The UTM-1 appliance supports configuring multiple HA clusters on the same network
segment. To this end, each cluster must be assigned a unique ID number.
When HA is configured, you can specify that only the Active Gateway in the cluster
should connect to the Internet. This is called WAN HA, and it is useful in the following
situations:
• Your Internet subscription cost is based is on connection time, and therefore
having the Passive appliances needlessly connected to the Internet costs you
money.
• You want multiple appliances to share the same static IP address without
creating an IP address conflict.
WAN HA avoids an IP address change, and thereby ensures virtually uninterrupted access
from the Internet to internal servers at your network.
On the other hand, you might prefer to keep Passive Gateways connected to the Internet at
all times, so that they can download updates from the Service Center and be accessible for
remote management, even when not acting as the Active Gateway. In this case, you must
assign a virtual IP address to the WAN interface. Each Passive Gateway will remain
constantly connected to the Internet using its WAN interface's primary IP address, while
remaining on standby to take over the WAN virtual IP address, in the event that the Active
Gateway fails. If desired, you can configure a WAN virtual IP address for the WAN2
interface, as well.
To Next Page
Loading...
