Featured Products by
Check Point Software Technologies

Check Point High Availability Module for VPN-1

The Challenge

As organizations increasingly rely on the Internet and VPNs to support mission critical business processes, the costs associated with losing connectivity increase dramatically. Even a momentary failure of a corporate VPN or firewall gateway can interrupt high-value transactions resulting in lost revenues, dissatisfied customers, and reduced productivity. Today's e-business must guarantee uninterrupted access to network resources.

The Solution

Check Point Software Technologies addresses the need for fault tolerant VPN and firewall gateways with its High Availability Module. The module delivers seamless fail-over for mission critical VPN-1™ and FireWall-1® deployments by allowing customers to create clusters of redundant gateways. In the event that a primary gateway fails, all connections are re-directed to a designated backup.

Product Features

• Transparent fail-over of VPN and firewall connections
• Tight integration with VPN-1 and FireWall-1 management tools
• Programmable system health monitor
• Automatic recovery of gateway cluster members

Product Benefits

• Provides continuous network availability for customers, employees, and partners
• Ensures that important VPN sessions are not interrupted during fail-over
• Simplifies deployment and management
• Detects and responds to a range of gateway health problems
• Enables gateway maintenance without service disruption

Transparent VPN Fail-Over
The High Availability Module maintains all VPN tunnel connections during a fail-over. If a primary gateway becomes unavailable, all VPN sessions continue seamlessly without the need for users to re-connect and re-authenticate. Users will not even notice that an alternate gateway has taken over. In addition, high value business transactions and large file transfers continue intact without the need to restart.

The High Availability Module provides seamless fail-over for mission-critical VPN-1 and FireWall-1 deployments.

Integrated Management
All High Availability set-up parameters are configured directly from the Check Point Management Client and stored on the Check Point Management Server. If a fail-over occurs, the event is logged to Check Point's log file and an alert can be automatically sent to an administrator via email, SNMP, page, etc. In addition, the status of all gateway clusters can be viewed in real time using the Check Point Status viewer. The end result is a powerful solution that is simple to deploy and requires minimal ongoing management overhead.

Tight Integration High Availability properties are configured with the Check Point Management Client.

Auto Recovery/Hot Swap
Gateways can be removed and added to a functioning cluster without reconfiguring or restarting the cluster. For example, if a failure occurs as a result of an operating system problem, the failed machine may automatically restart (if the operating system has been configured for automatic reboot) and re-enter the cluster without intervention from the administrator. This feature also enables maintenance of cluster machines during normal business hours with no service disruption.

Health Check
The High Availability Module incorporates a programmable health check that continuously monitors gateway processes to identify potential problems. In addition to detecting VPN-1/FireWall-1 failures, it can determine system health by communicating with third-party applications. For example, a disk space agent may notify the Health Check if the amount of available disk space reaches a pre-defined minimum. The system can then respond by forcing a fail-over to a backup gateway. The Health Monitor enables a proactive response to a range of problems; which although not representing catastrophic failures, can effect overall system performance and reliability.

Specifications

Network Systems Integration
Land-mail: 2245 First Street, Suite 202, Simi Valley, CA 93065
Phone 1-805-579-1030 - Fax 1-805-527-9243
e-Mail: info@nsi-solutions.com