Single License VRRP
With the Single License VRRP feature introduced in the IPSO 4.2, you can create an inexpensive high availability configuration using a single CheckPoint Firewall license.This a low-cost solution because you only need to purchase one firewall license.
Limitations
You should be aware of the following constraints before you implement this configuration :
- You cannot include more than two platform in the VRRP group.
- You must use an active-passive configuration. You cannot use an active-active setup.
- You must configure monitored-circuit VRRP.
- You cannot use firewall synchronisation, so the existing connections are not maintained in the event of a failover.
- When failover occurs, a relatively long time elapses between the failure on the original master and service beginning on the new master.
- Once a failover has occured, failback does not happen in the same way as with other VRRP configurations. With single VRRP, failback occurs only if you fix the problem that caused the failover from the original master the reboot the new master.
- You must use NOKIA Network Voyager to configure singme license VRRP: there is no IPSO CLI command for the feature.
posted by Hervé SCHLECHT @ 8:49 AM
<< Home