Table of Contents
Advertisement
Configuring VPN-1/FireWall-1 for Clustering
If the cluster will be in service as soon as it becomes active, you should
configure and enable VPN-1/FireWall-1 before making the cluster active. You
must configure VPN-1/FireWall-1 appropriately.
Follow the guidelines below when configuring VPN-1/FireWall-1 to work
with an IPSO cluster. Refer to the Check Point documentation for details.
Also see the guidelines under
Using VPN-1/FireWall-1 NG_AI"
of VPN-1/FireWall-1.
For FP3 and VPN-1/FireWall-1 NG_AI
!
!
!
!
Voyager Reference Guide
Each cluster node must run exactly the same version of VPN-1/FireWall-
1.
You must install and enable exactly the same Check Point packages on
each node. In other words, each node must have exactly the same set of
packages as all the other nodes.
When you use Check Point's cpconfig program (at the command line or
through the Voyager interface to this program), follow these guidelines:
!
You must install VPN-1/FireWall-1 as an enforcement module (only)
on each node. Do not install it as a management server and
enforcement module.
After you choose to install VPN-1/FireWall-1 as an enforcement
!
module, you are asked if you want to install a Check Point clustering
product. Answer yes to this question.
After you choose to install a Check Point clustering product (and
!
reboot the system when prompted to do so, you should resume using
the cpconfig program to finish the initial configuration of VPN-1/
FireWall-1. One of the options available to you at this point is to
enable CheckPoint SecureXL. Do not enable SecureXL.
Create and configure a gateway cluster object:
Use the Check Point Smart Dashboard application to create a gateway
!
cluster object.
"If You Are Using FP3"
for information specific to these versions
and
"If You Are
385
Advertisement
Table of Contents
