There are two R77.30 Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The
cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to
have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was
standby. Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an
hour, FW_A’s interface issues were resolved and it became operational. When it re-joins the cluster, will it
become active automatically?
A.
No, since “maintain current active cluster member” option on the cluster object properties is enabled by
default
B.
No, since “maintain current active cluster member” option is enabled by default on the Global Properties
C.
Yes, since “Switch to higher priority cluster member” option on the cluster object properties is enabled by
default
D.
Yes, since “Switch to higher priority cluster member” option is enabled by default on the Global Properties
Explanation:
What Happens When a Security Gateway Recovers?
In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are
redistributed among all active members. High Availability and Load Sharing in ClusterXL ClusterXL
Administration Guide R77 Versions | 31 In a High Availability configuration, when the failed Security Gateway in
a cluster recovers, the recovery method depends on the configured cluster setting. The options are:
• Maintain Current Active Security Gateway means that if one member passes on control to a lower priority
member, control will be returned to the higher priority member only if the lower priority member fails. This mode
is recommended if all members are equally capable of processing traffic, in order to minimize the number of
failover events.
• Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher
priority member is restored, then control will be returned to the higher priority member. This mode is
recommended if one member is better equipped for handling connections, so it will be the default Security
Gateway.
http://dl3.checkpoint.com/paid/7e/7ef174cf00762ceaf228384ea20ea64a/
CP_R77_ClusterXL_AdminGuide.pdf?HashKey=1479822138_31410b1f8360074be87fd8f1ab682464&xtn=.pdf