Solutions Fast Track
Check Point High Availability and Check Point Load Sharing
-
Remember that the Check Point High Availability and Load Sharing modules are separately purchased products. With the pricing at the time of this writing it is included in new Enterprise and Express gateway licenses. However, if you have old licenses, you may need to upgrade your license to use the features. Contact your Check Point authorized reseller for the most up-to-date pricing information. Basically, make sure that you have the proper license before using it.
-
If using state synchronization, don t be afraid to tailor the synchronized protocols.
-
Be sure that you have properly defined the necessary components using the cphaprob command.
Single Entry Point VPN Configurations (SEP)
-
Synchronization is a must with a SEP VPN.
-
Before enabling a SEP gateway configuration, make sure that clusters are enabled in the Global Properties and that HA has been turned on each enforcement module.
Multiple Entry Point VPN Configurations (MEP)
-
Remember that a MEP solution is the most simple of failover solutions; synchronization of connections isn t available.
-
Use office mode (for SecureClient only), IP pools, or NAT to circumvent problems associated with asymmetric routing.
Other High Availability Methods
-
VRRP is available with a number of solutions including Nokia s appliances.
-
It is wise to select an OPSEC certified hardware solution.
![Check Point NG[s]AI](/icons/blank_book.jpg "Check Point NG[s]AI"){kind=icon}