Technical data

Introduction to VSX Clusters
Check Point VSX Administration Guide NGX R67 | 85
VSX High Availability
This section describes VSX high availability features. In a VSX environment, you can work with one of two
high availability scenarios:
VSX Gateway High Availability: Each cluster member functions as a VSX gateway and is synchronized
with the other members. If one member goes down, it immediately fails over to another member. Likewise, if
an individual Virtual System, Virtual Router or Virtual Switch goes down, the entire member fails over to
another member.
Per Virtual System High Availability: In the event that an individual Virtual System goes down, that Virtual
System fails over to another member while all other Virtual Systems, together with other virtual devices,
continue to function on the original member.
In either scenario, all members and virtual systems function in an active/active mode and are continuously
synchronized.
VSX Gateway High Availability
VSX gateway high availability is the default cluster configuration. If neither Per Virtual System nor Virtual
System Load Sharing (VSLS) is active, a cluster functions in the VSX Gateway high availability mode. All
members of a cluster must be configured to use the same clustering mode.
Figure 5-21 VSX Gateway failover
In the above example, member M1 experiences a failure the affects VS1 and all Virtual Systems
immediately fail over to member M2.
Per Virtual System High Availability
With per Virtual System high availability, each Virtual System can monitor its own interfaces for failure, as
illustrated in the figure below:
Figure 5-22 Virtual System failover
In this example, each member of the cluster contains three identical, synchronized Virtual Systems. The
member designated as M1 process traffic. If VS2 goes down, on M1, it fails over to its peer in ton M2. VS1
and VS1 continue to function normally on M1.
For per Virtual System high availability to work properly, each Virtual System must connect directly to either
a physical interface, or A VLAN.