Clustering Example (Three Nodes) - Nokia IPSO 4.0 Reference Manual

To enable sequence validation in the Check Point management application and IPSO, follow
these steps:
a. On the main Configuration page in Nokia Network Voyager, click Advanced System
b. On the Advanced System Tuning page, click the button to enable sequence validation.
c. Enable sequence validation in the Check Point management application.
d. Push the new policy to the IPSO appliance.

Clustering Example (Three Nodes)

This section presents an example that shows how easy it is to configure an IPSO cluster. The
following diagram illustrates the example configuration.
This example cluster has three firewall nodes: A, B, and C. To the devices on either side of the
cluster, A, B, and C appear as a single firewall.
The following sections explain the steps you would perform to configure this cluster.
Nokia Network Voyager for IPSO 4.0 Reference Guide
Tuning (in the System Configuration section).
192.168.1.0
Internal
192.168.1.10
Cluster IP
.1
eth-s1p1
Cluster
Firewall A
(ID 10)
eth-s2p1
.1
External
192.168.2.10
Cluster IP
192.168.2.0
VPN-1/FireWall-1
Synchronization Network
Internal
Router
192.168.1.5
192.168.1.10
.1 .2
eth-s3p1 eth-s3p1
eth-s1p1
Firewall B
eth-s4p1 eth-s2p1 eth-s4p1
.1 .2
192.168.2.10
192.168.2.5
External
Router
Primary Cluster Protocol
Network:192.168.3.0
Cluster IP: 192.168.3.10
192.168.1.10
.2 .3 .3
eth-s3p1
eth-s1p1
Firewall C
eth-s2p1 eth-s4p1
.2 .3 .3
192.168.2.10
Secondary Cluster Protocol
Network: 192.168.4.0
Cluster IP: 192.168.4.10
243