Converting an Existing Check Point Appliance to a Cluster

Do these procedures to convert an existing Check Point Appliance to a cluster.

Note - The procedures require some downtime.

Terms used:

To configure the new appliance GW_2 with the First Time Configuration Wizard:

  1. Make sure to configure the actual IP addresses and not the virtual IP addresses that are used by the existing gateway GW.
  2. Clear the Enable switch on LAN ports checkbox.

    If you do not do this, the default switch configuration is automatically removed during the cluster's first policy installation, as it is not supported in a cluster configuration.

    Note - It is more secure to remove the switch configuration before initial policy installation.

  3. Configure the LAN2 port (used for cluster synchronization) with an IP address that is in the same network as the other cluster member. It is recommended to assign a static IP address for the sync interface.
  4. Do not fetch the policy from the Security Management Server.

To create and configure the cluster in SmartDashboard:

  1. Use the wizard to create a new Check Point Appliance cluster.
  2. Define the IP address as the IP used by the existing gateway GW.
  3. Define the first member with GW_2's IP address.

    Important - Do not define the second member using the wizard.

  4. Establish trusted communication.
  5. Define all the IP addresses of the clustered interfaces. Use the existing gateway GW IP address as the virtual IP of the cluster.
  6. At the end of the wizard, select the Edit the cluster in Advanced Mode checkbox.
  7. In Advanced Mode, enter all the relevant configuration settings from the GW to the cluster object.

To reconfigure the existing Check Point Appliance:

  1. In the WebUI, go to the GW and connect to it.
  2. Reconfigure the IP addresses of the clustered interfaces with the actual IP addresses that are used by the gateway as a member of the cluster.

Important - Downtime starts.

To configure the cluster in SmartDashboard:

  1. Change the main IP and the IPs that appear in the topology table of the GW object.
  2. Install policy on Cluster.

    Important - Downtime ends. At this point, the cluster contains only one member, GW_2.

  3. Go to Cluster Members > Add > Add existing gateway and edit the Cluster object.
  4. If GW does not show in the list, press Help and make sure GW does not match any of the categories that prevent it from being added to a cluster.

    Note - Use the information on this Help page to determine if there are any configuration settings you want to copy to the new Cluster object.

  5. Under the new GW object, click Topology > Get Topology to edit the topology of the Cluster object.
  6. Install policy on Cluster.
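
An added example, not part of the Check Point documentation: a pre-check of the address plan to run before the downtime window. It covers two rules from the procedures above: members get actual IP addresses rather than the virtual IPs used by the existing GW, and the LAN2 sync addresses are in the same network. The plan layout, the interface names WAN and LAN1, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

SYNC_PORT = "LAN2"  # port the page uses for cluster synchronization


def check_plan(plan):
    """Return a list of problems in a cluster address plan (empty list = OK).

    plan: {interface: {"vip": ..., "gw": ..., "gw_2": ...}} in address/prefix form.
    "vip" is the address GW uses today; "gw" and "gw_2" are the actual member
    addresses. The sync port entry has no "vip". This layout is an assumption.
    """
    problems = []
    if SYNC_PORT not in plan:
        problems.append(f"{SYNC_PORT}: no sync addresses planned")
    for name, entry in plan.items():
        gw = ipaddress.ip_interface(entry["gw"])
        gw_2 = ipaddress.ip_interface(entry["gw_2"])
        if gw.ip == gw_2.ip:
            problems.append(f"{name}: GW and GW_2 share {gw.ip}")
        if name == SYNC_PORT:
            # Sync addresses must be in the same network on both members.
            if gw.network != gw_2.network:
                problems.append(
                    f"{name}: sync networks differ ({gw.network} vs {gw_2.network})")
            continue
        # Actual member addresses must not reuse the existing GW address,
        # which becomes the cluster virtual IP.
        vip = ipaddress.ip_interface(entry["vip"])
        for member, addr in (("GW", gw), ("GW_2", gw_2)):
            if addr.ip == vip.ip:
                problems.append(f"{name}: {member} reuses virtual IP {vip.ip}")
    return problems


# Constructed sample plans (documentation and private address ranges).
GOOD_PLAN = {
    "WAN": {"vip": "192.0.2.1/24", "gw": "192.0.2.2/24", "gw_2": "192.0.2.3/24"},
    "LAN1": {"vip": "10.0.1.1/24", "gw": "10.0.1.2/24", "gw_2": "10.0.1.3/24"},
    "LAN2": {"gw": "10.0.2.1/24", "gw_2": "10.0.2.2/24"},
}
BAD_PLAN = {
    "WAN": {"vip": "192.0.2.1/24", "gw": "192.0.2.1/24", "gw_2": "192.0.2.3/24"},
    "LAN2": {"gw": "10.0.2.1/24", "gw_2": "10.0.3.2/24"},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```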