Configuring the Cluster Object and Members

Overview

You can use one of these procedures to define a cluster object and its members:

• Simple Mode (Wizard) - Lets you quickly create a new cluster and configure some basic cluster properties:
  • Cluster properties and Virtual IP addresses
  • Properties and Topology of Cluster Members
  • Synchronization interfaces and IP addresses
• Classic Mode - Opens the Cluster Gateway Properties window, where you manually create a cluster and configure its properties.

The Cluster Gateway Properties window lets you:

• Manually create a new cluster
• Enable and configure Software Blades for the cluster
• Configure other cluster properties that you cannot configure with the wizards
• Change the properties of an existing cluster

Using the Wizard Mode

This version includes two wizards:

• Check Point Appliances and Open Servers
• Check Point Small Office Appliances

Configuring the Cluster Object and Members

The Check Point Appliance or Open Server Wizard is recommended for enterprise grade appliances and open server platforms.

To create a new cluster with the Appliance or Open Server Wizard:

1. In SmartConsole, right-click Check Point in the Network Objects tree.
2. Select Security Cluster > Check Point Appliance/Open Server.
3. In the Check Point Security Gateway Cluster Creation window, click Wizard Mode.
4. In the Cluster General Properties window, enter or select:
   • Cluster Name - Unique name for the cluster
   • Cluster IPv4 and IPv6 address - Virtual Management IP addresses for this cluster.

     Important: You must define a corresponding IPv4 address for every IPv6 address. This release does not support pure IPv6 addresses.

   • Choose the Cluster Solution - Select Check Point ClusterXL and then select High Availability or Load Sharing (must follow sk162637).
5. In the Cluster Member Properties window, click Add > New Cluster Member to configure each member.
   1. Enter the physical IPv4 and IPv6 addresses.

      Note: Make sure that you do not define IPV6 address for sync interfaces. The wizard does not let you define an interface with an IPv6 address as a sync interface.

   2. Enter and confirm the SIC trust activation key.
6. In the Cluster Topology window, define a network objective (Role) for each network interface and, if necessary, define the virtual cluster IP addresses.

   The wizard automatically calculates the subnet for each network and assigns it to the applicable interface on each member. The calculated subnet shows in the upper section of the window.

   The available network objectives are:

   • Cluster Interface - A cluster interface that connects to an internal or external network. Enter the cluster virtual IP addresses for each network (internal or external). These addresses must be located in the calculated subnet.
   • Cluster Sync Interface - A cluster synchronization interface. You must define one or more synchronization interfaces for redundancy. If you are using more than one synchronization interface, define which interface is the primary, secondary, or tertiary interface. Synchronization redundancy is not supported on Small Business appliances. On these appliances, you can only select 1st sync and only for the LAN2/SYNC interface. You cannot configure VLANs on the synchronization interface.
   • Monitored Private - An interface that is not part of the cluster, but ClusterXL monitors the member state and failover occurs if a fault is detected.
   • Non Monitored Private - ClusterXL does not monitor the member state and there is no failover.

     This option is recommended for the management interface.

7. Click Next and then Finish to complete the wizard.

After you finish the wizard, we recommend that you open the cluster object and do these procedures:

• Define Anti-Spoofing properties for each interface
• Change the topology type (Internal or External) if necessary
• Configure other Software Blades, features and properties as necessary.

Wizard for Small Office Appliances

The Small Office Cluster wizard is recommended for these Centrally Managed Check Point appliances:

• 1100 appliances
• 1200R appliances
• 1400 appliances

To create a new Small Office cluster using Wizard Mode:

1. In SmartConsole, click Objects menu > More object types > Network Object > Gateways and Servers > Cluster > New Small Office Cluster.
2. In Check Point Security Gateway Cluster Creation window, click Wizard Mode.
3. In the Cluster General Properties window:
   1. Enter a unique name for the cluster object.
   2. Select the correct hardware type.
   3. Click Next.
4. In the Cluster Members window:
   1. Enter the member name and IPv4 addresses for each Cluster Member.
   2. Enter the one-time password for SIC trust.
   3. Click Next.
   4. Management Server will try to establish SIC with the Primary Cluster Member.
5. In the Configure WAN Interface page, configure the Cluster Virtual IPv4 address.
6. Define the Cluster Virtual IPv4 addresses for the other cluster interfaces.
7. Click Next, and then Finish to complete the wizard.

After you complete the wizard, we recommend that you open the cluster object and complete the configuration:

• Define Anti-Spoofing properties for each interface
• Change the Topology settings for each interface, if necessary
• Define the Network Type
• Configure other Software Blades, features and properties as necessary