I also preffer HA (active/standby) over Load Sharing (active/active), first because LS introduces many variables in the environment, complicating things when having to troubleshoot.
Second, because when traffic through the cluster grows along time, people with LS scenarios tend to forget both members are sharing the load and at some point there might be a failure in one of the boxes and the remaining one is unable to handle all the load, which at the end defeats the whole purpose of have redundancy in the the worst possible moment (been there with a few customers). Someone will come up with the point that "good practices say regular drills should be done to ensure redundancy works", but since on this case it must be done with full production traffic to be a valid test of load handling, most managers won't be willing to go for them ever. Moving to Tom's comment.... my friend, the whole "Software Blades" idea is a license strategy to get more money. Regards On Sat, Nov 6, 2010 at 3:43 PM, Tom Robers <tom.rob...@heidelberg.de> wrote: > Hi, > we use the HA clustering for a long time with no problems and the benefits. > Now we have the blades(R71) with Antivirus and URL Filtering... no update of > the second cluster member is possible. I get no answer for this task; maybe > a checkpoint license strategy ?? > > -Tom > ________________________________________ > Von: Mailing list for discussion of Firewall-1 [ > fw-1-mailingl...@amadeus.us.checkpoint.com]" im Auftrag von > "Reinhard Stich [r.st...@internet-security.at] > Gesendet: Samstag, 6. November 2010 12:52 > Bis: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > Betreff: Re: [FW-1] general question about clustering > > hi, > > At 08:24 06.11.2010, you wrote: > >Hi , > > > >I wanna ask for the benefits which we'll gain, and the problems we may > >have when making up a clustered firewall (especially Checkpoint fw-1 > >of course) > > benefit: > - no problem if one node fails (transparent failover) > - updates / maintainance without outages > - updates / maintainance during working hours (because there is no outage) > > problems: > - with active-active clustering you have to care about the traffic > that should go through both firewalls - so maybe you have to play > with your switch-config > - I prefer HA clusering (one node active, one standby) > > br > reinhard > > -- > Reinhard Stich r.st...@arrowecs.at > Arrow ECS Internet Security AG, 1100 Wien, Wienerbergstrasse 11 > Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 > > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > ================================================= > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to lists...@amadeus.us.checkpoint.com > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > fw-1-ow...@ts.checkpoint.com > ================================================= > -- Sergio Alvarez CISSP | CCSE+ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway.
