ExamTopics Logo
Mail Us[email protected]
Menu
Checkpoint Discussions
exam questions

Exam 156-215.80 All Questions

View all questions & answers for the 156-215.80 exam
Go to Exam

Exam 156-215.80 topic 1 question 126 discussion

Actual exam question from Checkpoint's 156-215.80
Question #: 126
Topic #: 1
[All 156-215.80 Questions]

There are two Security Gateways in the Firewall Cluster. They are named FW_A and FW_B. The cluster is configured to work as HA (High availability) with default cluster configuration. FW_A is configured to have higher priority than FW_B. FW_A was active and processing the traffic in the morning. FW_B was standby.
Around 1100 am, its interfaces went down and this caused a failover. FW_B became active. After an hour, FW_A's interface issues were resolved and it became operational. When it re-joins the cluster, will it become active automatically?

  • A. No, since ג€maintain current active cluster memberג€ option on the cluster object properties is enabled by default
  • B. No, since ג€maintain current active cluster memberג€ option is enabled by default on the Global Properties
  • C. Yes, since ג€Switch to higher priority cluster memberג€ option on the cluster object properties is enabled by default
  • D. Yes, since ג€Switch to higher priority cluster memberג€ option is enabled by default on the Global Properties
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
What Happens When a Security Gateway Recovers?
In a Load Sharing configuration, when the failed Security Gateway in a cluster recovers, all connections are redistributed among all active members. High
Availability and Load Sharing in ClusterXL ClusterXL Administration Guide R77 Versions | 31 In a High Availability configuration, when the failed Security Gateway in a cluster recovers, the recovery method depends on the configured cluster setting. The options are:
ג€¢ Maintain Current Active Security Gateway means that if one member passes on control to a lower priority member, control will be returned to the higher priority member only if the lower priority member fails. This mode is recommended if all members are equally capable of processing traffic, in order to minimize the number of failover events.
ג€¢ Switch to Higher Priority Security Gateway means that if the lower priority member has control and the higher priority member is restored, then control will be returned to the higher priority member. This mode is recommended if one member is better equipped for handling connections, so it will be the default Security
Gateway.
Reference:
http://dl3.checkpoint.com/paid/7e/7ef174cf00762ceaf228384ea20ea64a/CP_R77_ClusterXL_AdminGuide.pdf?
HashKey=1479822138_31410b1f8360074be87fd8f1ab682464&xtn=.pdf
by hhernandezEC at June 15, 2020, 4:16 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Brazil
Highly Voted 2 years, 5 months ago
People....A is correct. The setting "Maintain current active cluster member" is the default setting. So you guys saying C need to go build a test VM with R77.30 and look again.
upvoted 9 times
...
Hernan_Mella
Most Recent 1 year ago
In smart console demo mode, check cluster xl properties in cluster, by default is configured as Maintain active member;.... From Smartconsole Help: Upon cluster member recovery In a High Availability cluster, each member is given a priority. The member with the highest priority serves as the gateway. If this gateway fails, control is passed to the member with the next highest priority. If that member fails, control is passed to the next, and so on. Upon gateway recovery, it is possible to: ◾Maintain current active Cluster Member ◾Switch to higher priority Cluster Member.
upvoted 2 times
...
theManFromRoom5
2 years, 1 month ago
Answer is definitely A. It's generally assumed that the two cluster members you have are of the same capability so by default Check Point sets that it will maintain current active cluster member in the event of failover/recovery as neither cluster member is better than the other so changing back to the arbitrarily/needlessly assigned 'high priority' member would be a waste of resources. 'High priority' in this case is not necessarily indicative of better performing, just that it happens to be the gateway which was set as the operating gateway when the cluster was set up with high availability. Semantics my dear Watson...
upvoted 2 times
...
babajana
2 years, 7 months ago
I think "FW_A is configured to have higher priority than FW_B" this sentence is a bit confusing. based on this sentence C maybe correct
upvoted 1 times
babajana
2 years, 7 months ago
C is correct
upvoted 3 times
...
...
hhernandezEC
3 years, 1 month ago
For 77.30 the default configuration is Switch to Higher Priority Security Gateway. This is stated in the answer and is also stated on page 31: http://dl3.checkpoint.com/paid/7e/7ef174cf00762ceaf228384ea20ea64a/CP_R77_ClusterXL_AdminGuide.pdf?HashKey=1592244531_5c1608889a7fdac6e7fcd6b38b5a0ff1&xtn=.pdf The answer should be C.
upvoted 1 times
agentjoks
3 years ago
A is the right answer
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel