When synchronizing clusters, which of the following statements are true?

When synchronizing clusters, which of the following statements are true?

Select all that apply.

When synchronizing clusters, which of the following statements are true?

Select all that apply.

A.
Only cluster members running on the same OS platform can be synchronized.

B.
Client Auth or Session Auth connections through a cluster member will be lost of the cluster member fails.

C.
The state of connections using resources is maintained by a Security Server, so these connections cannot be synchronized.

D.
In the case of a failover, accounting information on the failed member may be lost despite a properly



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Oleksandr

Oleksandr

The answer should be “A,C,D”.

The following restrictions apply to synchronizing cluster members:
 Only cluster members running on the identical platform can be synchronized.
 All cluster members must use the same Check Point software version.
 A user-authenticated connection through a cluster member will be lost if the cluster member goes down.
Other synchronized cluster members will be unable to resume the connection.
 However, a client-authenticated connection or session-authenticated connection will not be lost.
 The reason for these restrictions is that user authentication state is maintained on Security Servers,
which are processes, and thus cannot be synchronized on different machines in the way that kernel data
can be synchronized. However, the state of session authentication and client authentication is stored in
kernel tables, and thus can be synchronized.
 The state of connections using resources is maintained in a Security Server, so these connections
cannot be synchronized for the same reason that user-authenticated connections cannot be
synchronized.
 Accounting information is accumulated in each cluster member and reported separately to the Security
Management server, where the information is aggregated. In case of a failover, accounting information
that was accumulated on the failed member but not yet reported to the Security Management server is
lost. To minimize the problem it is possible to reduce the period in which accounting information is
“flushed”. To do this, in the cluster object’s Logs and Masters > Additional Logging page, configure
the attribute Update Account Log every:.

tamuzek

tamuzek

I agree with Oleksandr,and the answer should be “A”,”C”,”D”.