Home > Rex Global Solutions > Check Point Solutions > Check Point Firewall-1

Check Point Firewall-1  High Availability Module

The Challenge

As organizations increasingly rely on the Internet and VPNs to support mission critical business processes, the costs associated with losing connectivity increase dramatically. Even a momentary failure of a corporate VPN or firewall gateway can interrupt high-value transactions resulting in lost revenues, dissatisfied customers, and reduced productivity. Today's e-business must guarantee uninterrupted access to network resources.

The Solution

Check Point Software Technologies addresses the need for fault tolerant VPN and firewall gateways with its High Availability Module. The module delivers seamless fail-over for mission critical VPN-1 and FireWall-1 deployments by allowing customers to create clusters of redundant gateways. In the event that a primary gateway fails, all connections are re-directed to a designated backup.

Transparent VPN Fail-Over

The High Availability Module maintains all VPN tunnel connections during a fail-over. If a primary gateway becomes unavailable, all VPN sessions continue seamlessly without the need for users to re-connect and re-authenticate. Users will not even notice that an alternate gateway has taken over. In addition, high value business transactions and large file transfers continue intact without the need to restart.

The High Availability Module provides seamless fail-over for mission-critical VPN-1 and FireWall-1 deployments.

Integrated Management

All High Availability set-up parameters are configured directly from the Check Point Management Client and stored on the Check Point Management Server. If a fail-over occurs, the event is logged to Check Point's log file and an alert can be automatically sent to an administrator via email, SNMP, page, etc. In addition, the status of all gateway clusters can be viewed in real time using the Check Point Status viewer. The end result is a powerful solution that is simple to deploy and requires minimal ongoing management overhead.

Tight Integration High availability properties are configured

with the Check Point Management Client.

RGC Check Point Homepage

Check Point Firewall-1

 Enterprise Security

 Access Control

 Authentication

 Content Security

 Network Address Translation

 Reporting Module

 VPN-1 Gateway

 OPSEC

 RealSecure

 High Availability Module

 Firewall Resources

Auto Recovery/Hot Swap

Gateways can be removed and added to a functioning cluster without reconfiguring or restarting the cluster. For example, if a failure occurs as a result of an operating system problem, the failed machine may automatically restart (if the operating system has been configured for automatic reboot) and re-enter the cluster without intervention from the administrator. This feature also enables maintenance of cluster machines during normal business hours with no service disruption.

  Health Check

The High Availability Module incorporates a programmable health check that continuously monitors gateway processes to identify potential problems. In addition to detecting VPN-1/FireWall-1 failures, it can determine system health by communicating with third-party applications. For example, a disk space agent may notify the Health Check if the amount of available disk space reaches a pre-defined minimum. The system can then respond by forcing a fail-over to a backup gateway. The Health Monitor enables a proactive response to a range of problems; which although not representing catastrophic failures, can effect overall system performance and reliability.