Check Point High Availability
for IP Appliances
Overview
Networks carry information that is the lifeblood of your business, often making network outages or degraded performance unacceptable. To help ensure business continuity and balanced performance, several high availability solutions are available for IP appliances. Virtual Router Redundancy Protocol (VRRP) and patented IP clustering technology provide robust and scalable high availability for IP appliances. These technologies allow several independent IP appliances to join together for a common security goal as one virtual machine.
When using VRRP, at least one active appliance and a hot-standby are deployed as a cluster. The backup appliance is ready to assume any active appliance functions in case of any failures. In addition to processing network traffic in parallel, IP clustered appliances share information about the context of that traffic to enable the cluster to survive the failure or degradation of any of its individual appliances. By dividing and conquering, clustering can allow several appliances to work in concert to take on a task that would tax any single member. And all the appliances can be centrally managed from one location. VRRP, IP Clustering and external load balancers are supported across all IP appliances.
Key benefits
-
High Availability – Limits any disruption to network uptime should a security appliance face unforeseen performance issues. Transparently redistributes workloads to surviving cluster appliances without impacting communication throughout the cluster.
-
Scalability – Enables security administrators to improve performance and adapt to increasing traffic by adding cluster members that divide the workload among more appliances for efficient processing.
-
Resiliency and fault tolerance – Avoids simultaneous failures through clustering, and enables active IP appliance maintenance possible through workload redistribution. Administrators can perform transparent "rolling upgrades," in which nodes are gracefully removed from the cluster, upgraded, and reinserted, all without any disruption to end-user operations.
Features
High Availability across all IP Appliances
Check Point IP appliances offer a range of high availability technologies to ensure critical services remain live under the most demanding conditions. Customers can choose from Virtual Router Redundancy Protocol (VRRP), patented high-performance IP Clustering technology, or external load balancers for their high availability requirements. Using these advanced technologies avoids network down time and related loss of productivity, customer frustration, or negative impact on business reputation.
Virtual Router Redundancy Protocol (VRRP)
VRRP allows two or more IP appliances to represent a single virtual IP appliance, with only one functioning as a firewall at any given time. If the IP appliance routing data on behalf of the virtual IP appliance fails, an arrangement is made automatically for another physical IP appliance to replace it. Network traffic continues with minimal or any disruption.
IP Clustering
IP Clustering technology allows up to four devices to act as a single network entity, sharing one internal and one external IP address. IP packet processing is distributed among all cluster member gateways to achieve equal member processing loads. By its nature, IP Clustering adds scalability. When the cluster is reaching its capacity limits, additional cluster members can be added to increase performance. IP Clustering also provides sub-second fail-over; while VRRP fail-over time to the standby appliance is usually a few seconds.
IP Platforms also support external load balancers.
Specifications
| HA Mode | Firewall Sync and Failover Time | Recommended Number of Appliances for Solution | Redundancy | Performance Scalability | Comparative Cost Among Solutions | |
|---|---|---|---|---|---|---|
VRRP |
Active-Passive or Active-Active |
Yes |
2 |
Complete |
None |
Low |
IP Clustering |
Active-Active |
Yes |
N (2 or more; 3 for Good Scalability) |
Complete |
Good |
Higher |
External Load Balancers (ELB) |
Active-Active |
Yes |
N (2 or more; 4 to 5 for Excellent Scalability depends on the ELB) |
Depends on the ELB |
Depends on ELB |
Highest |
- Products A-Z
- Appliances
- Appliances Overview
- 600 Appliances
- 1100 Appliances
- 2200 Appliances
- 4000 Appliances
- 12000 Appliances
- 21000 Appliance
- 61000 Security System
- DDoS Protector Appliances
- SecurityPower
- Secure Web Gateway Appliance
- Threat Prevention Appliance
- Series 80
- UTM-1 Edge
- IP Appliances
- Virtual Systems
- Safe@Office
- Smart-1
- Smart-1 SmartEvent
- Integrated Appliance Solution
- IAS Bladed Hardware
- Software Blades
- Software Blades Overview
- Security Gateway
- Firewall
- IPSec VPN
- IPS
- Mobile Access
- Application Control
- Identity Awareness
- DLP
- Web Security
- URL Filtering
- Anti-Bot
- Antivirus
- Anti-Spam & Email Security
- Advanced Networking & Clustering
- Voice over IP (VoIP)
- Threat Prevention
- ThreatCloud™
- Security Management
- Compliance
- Network Policy Management
- Endpoint Policy Management
- Logging & Status
- SmartWorkflow
- Monitoring
- Management Portal
- User Directory
- SmartProvisioning
- SmartReporter
- SmartEvent
- Multi-Domain Security Management
- Virtualization Security
- Security Gateway Virtual Edition
- Cloud Security
- Virtual Appliance for Amazon Web Services
- Security Systems
- Security Systems Overview
- Endpoint Security
- Endpoint Security
- Full Disk Encryption
- Media Encryption
- Anti-Malware & Program Control
- Remote Access VPN
- Firewall & Compliance
- Check Point WebCheck
- Check Point GO
- Solutions
- Remote Access
- Consumer Products
- ZoneAlarm Antivirus
- ZoneAlarm ForceField
- ZoneAlarm Internet Security Suite
Next Steps
- Find a Partner
- Call US sales: 1-866-488-6691
- Contact Us Online
Resources