Defining A Gateway Cluster Object - Infinity CHECK POINT 1100 Administration Manual

Defining a Gateway Cluster Object

A Check Point Appliance Security Gateway is a group of 2 members. Each represents a separate
Check Point Appliance which has High Availability software installed. ClusterXL is the Check Point
clustering solution. Third party OPSEC Certified clustering products are not supported.
High Availability
High Availability allows organizations to maintain a connection when there is a failure in a cluster
member. Only one machine is active (Active/Standby operation) in this configuration. Load sharing
is not supported on this appliance.
Prerequisites
During Cluster configuration, only a "Gateway First" installation path is supported. Therefore, you
must first configure the gateways with their actual IPs. Only afterward should you create the
cluster object in SmartDashboard or SmartProvisioning. The policy installation from the Security
Management Server alerts the gateways that they are configured as cluster members.
Before you define a Check Point Appliance cluster, make sure you defined all of the network
interfaces used for each of the Check Point Appliance gateways. The interfaces must be defined in
the same subnet. To verify definitions, access the WebUI of the appliance.
These actions are only required to work with the Cluster Wizard in SmartDashboard:
•
Make sure a cable is connected between the two LAN2/SYNC ports of both appliances. You do
not need to assign them IPs as those are created automatically later. If you do assign them,
make sure the LAN2/SYNC interfaces use the same subnet.
You can use a different SYNC interface other than LAN2. For more information, see sk52500
http://supportcontent.checkpoint.com/solutions?id=sk52500
SmartDashboard but you need to make further adjustments to the cluster object before policy
installation).
• The Cluster Wizard assumes that the WAN interface is part of the cluster. Make sure the WAN
interfaces in each of the gateways are configured with a static IP of a matching subnet.
•
When you configure the appliances that are used in the cluster, make sure to set both of the
appliances with the same one-time password you used to authenticate and establish trusted
communication. Without this, you cannot use the Cluster Wizard in SmartDashboard and you
need to create the cluster object in Classic Mode.
Trusted communication without authentication is not supported on Check Point Appliance
cluster members.
Creating a Cluster for New Gateways
To create a cluster for new gateways:
• Set up and configure the Check Point Appliance gateways.
•
Create and configure the cluster object in SmartDashboard that represents the gateways.
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
(you can use the Cluster Wizard in
Installation
| 13