Infinity CHECK POINT 1100 Administration Manual page 15

6. In the First Member and Second Member sections, enter a Member name and Member IP
address.
If you want to check the communication and connectivity, clear the Define the second cluster
member now check box. This allows you to complete the wizard definitions for the first
member only.
7. Enter and confirm the One-time password to establish initial trust.
When trust is established, it is based on security certificates. This password must be identical
to the same one-time password defined for both members in their appliances' First Time
Configuration Wizard or WebUI.
8. Click Next.
The wizard opens to Cluster Interface Configuration.
When you configure the WAN interface, you cannot disable High Availability. (For other
configurations, edit the Cluster object later).
If the WAN interface was not defined, edit the Cluster object in SmartDashboard with the
wizard and select a correct main IP for the cluster object. (This IP is used, for example, in VPN
as one of the Link selection options).
9. Enter a virtual IP Address and Net Mask for the cluster. The virtual IP is applied in the next
policy installation.
10. Click Next.
11. To enable High Availability on the interface, select the Enable High Availability on <name>
interface checkbox. <name> shows the network interface defined in the Check Point
Appliance.
12. When High Availability is selected, enter a virtual IP Address and Net Mask for the cluster. The
virtual IP is applied in the next policy installation.
13. Click Next.
14. Repeat steps 12 - 14 for each defined interface.
15. Click Finish or select Edit Cluster in Advanced mode to further configure the cluster.
Cluster Interface Configuration
In the Cluster Interface Configuration window, you define if a network interface on the Check Point
Appliance is part of the security gateway cluster. This window shows for each network interface
that was configured in the Check Point Appliance. The total number of interfaces configured for
the gateway shows in the window title. For example, if 3 interfaces are configured for the gateway,
a total of 3 windows require configuration. The first window displays (1 of 3 interfaces). The name
of the interface you are currently configuring shows in the Interface column.
Each network interface (on both members) has a unique IP address. If High Availability is enabled
on the interface, then the cluster requires an additional unique virtual IP address. This IP address
is visible to the network and ensures that failover events are transparent to all hosts in the
network.
When High Availability is not enabled, the interface is considered not-monitored private (it is not
cluster related).
You can configure High Availability for all network interfaces except for the WAN interface. By
default, the WAN interface is always part of the cluster. If you do not want the WAN interface to be
part of the cluster, double-click on the Check Point Appliance security gateway cluster object, and
select Topology node > Edit Topology.
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
Installation
| 15