In a Cluster, some features such as VPN only function properly when:
A. all cluster members have the same number of interfaces configured.
B. all cluster members’ clocks are synchronized.
C. all cluster members have the same policy.
D. all cluster members have the same Hot Fix Accumulator pack installed.
Can someone explain the answer please?
Love, Brad
See my comment below
Brad,
If clocks on cluster members are out of sync, then the SIC between members and the VPN will fail.
https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/index.html#o7315
Clock Synchronization in ClusterXL
When using ClusterXL, make sure to synchronize the clocks of all of the cluster members. You can synchronize the clocks manually or using a protocol such as NTP. Features such as VPN only function properly when the clocks of all of the cluster members are synchronized.
CP-sniper,
your explanation is much appreciated.
Love, Brad
Add to that, VPN between gateways by default uses Certificates (that’s the beauty of having an SMS), which is time sensitive.
B. all cluster members’ clocks are synchronized.
To add to CP-sniper’s input: by default, Check Point devices managed by an SMS negotiate VPN via SSL, which uses certificates. Certificates as a whole, regardless of the application, are very time sensitive. Generally, it only allows a +/- 10 min. difference.
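An added example, not part of the thread or of Check Point's documentation: it shows why a lagging member clock breaks certificate-based VPN by checking each member's clock offset and how that member would judge a freshly issued certificate's validity window. The member names, clock readings, certificate dates and the 60-second alert threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: member names, clock readings and certificate dates
# are illustrative and do not come from a real cluster.
REFERENCE = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
MEMBER_CLOCKS = {
    "member-a": REFERENCE + timedelta(seconds=2),
    "member-b": REFERENCE - timedelta(minutes=14),  # lagging member
    "member-c": REFERENCE + timedelta(seconds=40),
}
# Certificate issued five minutes before the reference time, valid one year.
CERT_NOT_BEFORE = REFERENCE - timedelta(minutes=5)
CERT_NOT_AFTER = CERT_NOT_BEFORE + timedelta(days=365)
MAX_SKEW = timedelta(seconds=60)  # assumed alert threshold, not a vendor value


def cert_status(local_now, not_before, not_after):
    """Validity of a certificate as judged by a member's own clock."""
    if local_now < not_before:
        return "not-yet-valid"
    if local_now > not_after:
        return "expired"
    return "valid"


def audit(clocks, reference, not_before, not_after, max_skew):
    """Per member: offset from the reference clock and its view of the cert."""
    report = {}
    for name, local_now in sorted(clocks.items()):
        offset = (local_now - reference).total_seconds()
        report[name] = {
            "offset_s": offset,
            "in_sync": abs(offset) <= max_skew.total_seconds(),
            "cert": cert_status(local_now, not_before, not_after),
        }
    return report


def max_pairwise_skew(clocks):
    """Largest clock difference between any two members, in seconds."""
    values = list(clocks.values())
    return (max(values) - min(values)).total_seconds()


if __name__ == "__main__":
    rows = audit(MEMBER_CLOCKS, REFERENCE, CERT_NOT_BEFORE, CERT_NOT_AFTER, MAX_SKEW)
    for name, row in rows.items():
        print(name, row)
    print("max pairwise skew (s):", max_pairwise_skew(MEMBER_CLOCKS))
```

The lagging member sees the new certificate as not yet valid even though the other members accept it, which is the failure a clock audit should catch before certificates are renewed.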