Infinity CHECK POINT 1100 Administration Manual page 16

If the WAN interface was not defined, edit the Cluster object in SmartDashboard with the wizard
and select a correct main IP for the cluster object. (This IP is used, for example, in VPN as one of
the Link selection options).
The breadcrumb image at the top of the window shows you the interface you are currently
configuring. You do not configure the LAN2 interface as it is automatically configured by the
wizard and is used only for the SYNC interface. Make sure a cable is connected between the two
LAN2/SYNC ports of both appliances.
The image at the bottom of the page shows if the interface is set for High Availability. When you
configure High Availability, the physical IPs of both members meet at a point indicated by the
cluster's virtual IP address.
To configure more advanced options for interfaces:
1. Click Edit Cluster in Advanced mode at the end of the wizard.
2. Edit the topology of the cluster and make the necessary changes.
Converting an Existing Check Point Appliance to a Cluster
Do these procedures to convert an existing Check Point Appliance to a cluster.
Note - The procedures require some downtime.
Terms used:
• GW - the existing Check Point Appliance gateway object that has already established trust and
has an installed policy.
Cluster - the new Check Point Appliance cluster object that you create.
•
• GW_2 - the new cluster member object that joins the existing gateway.
To configure the new appliance
1. Make sure to configure the actual IP addresses and not the virtual IP addresses that are used
by the existing gateway GW.
2. Clear the Enable switch on LAN ports checkbox.
If you do not do this, the default switch configuration is automatically removed during the
cluster's first policy installation, as it is not supported in a cluster configuration.
Note - It is more secure to remove the switch configuration before initial policy installation.
3. Configure the LAN2 port (used for cluster synchronization) with an IP address that is in the
same network as the other cluster member. It is recommended to assign a static IP address
for the sync interface.
4. Do not fetch the policy from the Security Management Server.
To create and configure the cluster in SmartDashboard:
1. Use the wizard to create a new Check Point Appliance cluster.
2. Define the IP address as the IP used by the existing gateway GW.
3. Define the first member with GW_2's IP address.
Important - Do not define the second member using the wizard.
4. Establish trusted communication.
Check Point 1100/1200R/1400 Appliances Centrally Managed Administration Guide R77.20.70
with the First Time Configuration Wizard:
GW_2
Installation
| 16