| Details |
To achieve maximum reliability and scalability, and to get the most out
of your Check Point NG Firewalls and ISP connections, you can deploy RainWall
and RainConnect in an integrated mode, which allows you to cluster multiple
Check Point nodes and connect to multiple ISP links at the same time. This
design will achieve High Availability and Load Balancing of ISP links and
Firewalls.
In this scenario we are clustering 2 Sun Netra servers running Check Point
NG FP3 and the RainWall/RainConnect 3.1 platform. With RainWall’s unicast
architecture you can configure one or more virtual IPs. For this deployment
each network is configured with one virtual IP address (66.x.x.10, 77.x.x.10,
10.1.1.254, 10.1.2.254). The virtual IPs are used as the "default gateway"
for routers and clients both internally and externally. RainWall ensures
that when a physical node fails, all virtual IPs that resided on the failed
node move to a healthy node, so that no traffic gets interrupted. RainConnect
ensures ISP high availability by monitoring each provider's network connectivity.
In the event of a link failure, RainConnect assigns all new inbound/outbound
connections to a healthy link. In this design the nodes share health and
utilization information using the 10.1.2.0 network. www.rainfinity.com
and email.rainfinity.com are configured in RainConnect’s Adaptive DNS, achieving
inbound high availability in the event of an ISP failure.
Using RainConnect you can define which link to use inbound and/or outbound
for IP traffic based on port number. In this example network, http/https/smtp/ftp
are load balanced across both ISP links. RainConnect also allows you
to stick IP traffic to a particular ISP. In the example network we are sticking
peer to peer (P2P) file sharing applications to our ADSL link. This
peer to peer traffic will always use the preferred link unless the ADSL link
fails; the traffic then moves to the T1 line until the ADSL line is healthy again.
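
The link-selection behaviour described above, modelled as an added example (not RainConnect code or configuration). Assumptions: port 6346 stands in for a P2P application, balanced ports rotate round-robin, and ports with no rule use the first healthy link; none of these details come from the page.

```python
from itertools import count

# Constructed policy table modelled on the example network.
BALANCED_PORTS = {80, 443, 25, 21}   # http/https/smtp/ftp across both links
STICKY = {6346: "ADSL"}              # placeholder P2P port pinned to ADSL
LINKS = ["T1", "ADSL"]


class LinkSelector:
    """Chooses the ISP link for each NEW connection; existing flows are untouched."""

    def __init__(self, links=LINKS):
        self.links = list(links)
        self.healthy = {name: True for name in self.links}
        self._rr = count()           # round-robin counter (assumed algorithm)

    def set_health(self, link, up):
        # In a real deployment this is driven by link monitoring.
        self.healthy[link] = up

    def select(self, port):
        up = [name for name in self.links if self.healthy[name]]
        if not up:
            return None              # every ISP link is down
        preferred = STICKY.get(port)
        if preferred is not None:
            # Sticky traffic leaves its preferred link only while it is down,
            # and returns as soon as the link is healthy again.
            return preferred if self.healthy[preferred] else up[0]
        if port in BALANCED_PORTS:
            return up[next(self._rr) % len(up)]
        return up[0]                 # assumed default for ports with no rule


def demo():
    sel = LinkSelector()
    picks = [sel.select(6346)]       # sticky: ADSL
    sel.set_health("ADSL", False)
    picks.append(sel.select(6346))   # ADSL down: falls over to T1
    picks.append(sel.select(80))     # balanced, but only T1 is healthy
    sel.set_health("ADSL", True)
    picks.append(sel.select(6346))   # ADSL recovered: back on ADSL
    return picks


if __name__ == "__main__":
    print(demo())
```
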
System Specifications:
RainWall/RainConnect integrated is supported on Check Point NG for the following
operating systems: Redhat Linux, SecurePlatform, Solaris, and Windows 2000.
System overhead is slightly higher when deploying RainWall and RainConnect
in integrated mode, but both applications use the same binary code and the
same network driver.
|