In This Section: |
Configuring a cluster using SmartConsole is very similar to configuring a single Security Gateway. All attributes of the VPN are defined in the Cluster object, except for two attributes that are defined per Cluster Member.
The Cluster Member Properties window opens.
If you wish to use Office Mode for Remote Access, select Offer Manual Office Mode and define the IP pool allocated to each Cluster Member.
If your Cluster Member supports hardware storage for IKE certificates, define the certificate properties. In that case, Management Server directs the Cluster Member to create the keys and supply only the required material for creation of the certificate request. The certificate is downloaded to the Cluster Member during policy installation.
This is required to synchronize IKE keys.
Select one of the two possible settings:
When working with a VPN peer that is a Check Point Cluster, and the VPN peer is managed by a different Management Server, do NOT define another cluster object. Instead, do the following:
The Externally Managed Check Point Gateway window opens.
If the encryption domain is just one subnet, select All IP addresses behind Gateway based on Topology information.
If the encryption domain includes more than one subnet, select Manually defined.