About This Architecture
A Check Point CP 1590 dual-unit firewall cluster in active-passive HA provides resilient perimeter defense for on-premises networks, using VLAN 10 for the WAN uplink and VLAN 20 for internal access-layer segmentation. Traffic flows from the ISP through the modem and the DMZ firewall port into an Aruba distribution switch. Through managed switching, that switch separates the WAN cluster ports (22-23 on VLAN 10) from the LAN workstations, servers, storage, and printers (ports 1-20 on VLAN 20). Synchronization between CP 1590 Unit A and Unit B ensures stateful failover and consistent security policy enforcement across both cluster members. This architecture eliminates single points of failure while maintaining strict network segmentation, reducing blast radius and simplifying compliance audits for regulated environments. Fork and customize this diagram on Diagrams.so to match your firewall models, port assignments, and VLAN ranges.
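The segmentation above only holds while the switch's port membership matches the plan, so the following added example (not part of the original diagram or any vendor tooling) audits an observed port-to-VLAN mapping against the documented layout. The `{port: set of VLAN IDs}` input shape, the finding names, and the sample data are assumptions made for illustration; build the mapping from whatever export your switch provides.

```python
# Added example: audit switch port/VLAN membership against the documented layout.
POLICY = {10: "22-23", 20: "1-20"}  # VLAN id -> ports, as given in the description


def expand(spec):
    """Expand a port spec such as '1-4,7' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(observed, policy=POLICY):
    """Compare observed {port: set(vlan ids)} with policy; return findings by port."""
    expected = {}
    for vlan, spec in policy.items():
        for port in expand(spec):
            expected.setdefault(port, set()).add(vlan)
    findings = []
    for port in sorted(set(expected) | set(observed)):
        want, have = expected.get(port, set()), observed.get(port, set())
        if want == have:
            continue
        if set(policy) <= have:
            kind = "BRIDGES_WAN_AND_LAN"      # one port is a member of both VLANs
        elif not want:
            kind = "UNPLANNED_PORT_IN_USE"    # port is not in the documented plan
        elif not have:
            kind = "PLANNED_PORT_MISSING"     # planned port has no VLAN membership
        else:
            kind = "WRONG_VLAN"
        findings.append((port, kind, sorted(want), sorted(have)))
    return findings


def sample_observed():
    """Constructed sample data (not from a real switch): planned layout plus drift."""
    observed = {p: {20} for p in range(1, 21)}
    observed.update({22: {10}, 23: {10}})
    observed[5] = {10}        # LAN port moved onto the WAN VLAN
    del observed[12]          # planned LAN port with no VLAN membership
    observed[23] = {10, 20}   # WAN cluster port also carrying the LAN VLAN
    observed[24] = {20}       # port outside the plan put into service
    return observed


if __name__ == "__main__":
    for port, kind, want, have in audit(sample_observed()):
        print(f"port {port:>2}: {kind:<22} expected={want} observed={have}")
```

Running the audit on a schedule, or after every switch change, turns the diagram into a checkable baseline for the compliance reviews mentioned above.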