Configuring the VRRP Security Gateway Cluster in SmartConsole

  1. In SmartConsole, click Objects menu > More object types > Network Object > Gateways and Servers > Cluster > New Cluster.

    The Check Point Security Gateway Cluster Creation window opens.
  2. Click Wizard Mode.
  3. Define these:

    • Cluster Name
    • Cluster IPv4 Address
    • For an IPv6 cluster: Cluster IPv6 Address
  4. In the Choose the Cluster's Solution field, select Gaia VRRP.
  5. Click Next.
  6. On the Cluster members' properties page, add the cluster members.
  7. Click Finish.

Configuring VRRP Rules for the Security Gateway

  1. Define this rule above the Stealth Rule in the Rule Base:

    | Source                              | Destination      | VPN | Services & Applications | Action |
    |-------------------------------------|------------------|-----|-------------------------|--------|
    | Firewalls (Group), fwcluster-object | mcast-224.0.0.18 | Any | vrrp, igmp              | accept |

    Where:

    • Firewalls - Simple Group object containing the firewall objects.
    • fwcluster-object - the VRRP cluster object.
    • mcast-224.0.0.18 - Node Host object with the IP address 224.0.0.18.
  2. If your Security Gateways use dynamic routing protocols (such as OSPF or RIP), create new rules for each multicast destination IP address.

    Alternatively, you can create a Network object to show all multicast network IP destinations with these values:

    • Name: MCAST.NET
    • IP: 224.0.0.0
    • Net mask: 240.0.0.0

    You can use one rule for all multicast protocols you agree to accept, as shown in this example:

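    | Source                                    | Destination | VPN | Services & Applications | Action |
    |-------------------------------------------|-------------|-----|-------------------------|--------|
    | All Cluster IP addresses, fwcluster-object | MCAST.NET   | Any | vrrp, igmp, ospf, rip   | accept |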
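
Added example (not from the Check Point documentation): a Python check that a rule list keeps the VRRP accept rule above the Stealth Rule and limited to the sources, services and multicast destinations described above. The dictionary layout for rules and objects, the rule names, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

VRRP_GROUP = ipaddress.ip_address("224.0.0.18")      # Node Host object address from the page
MULTICAST = ipaddress.ip_network("224.0.0.0/4")      # same range as MCAST.NET (mask 240.0.0.0)
ALLOWED_SERVICES = {"vrrp", "igmp", "ospf", "rip"}   # services the page's rules accept

def audit(rulebase, objects, stealth_name="Stealth"):
    """Return findings for every accept rule carrying vrrp; [] means no issue found."""
    names = [r["name"] for r in rulebase]
    if stealth_name not in names:
        return [f"no rule named {stealth_name!r}"]
    stealth_idx = names.index(stealth_name)
    findings = []
    vrrp_rules = [(i, r) for i, r in enumerate(rulebase)
                  if r["action"] == "accept" and "vrrp" in r["services"]]
    if not vrrp_rules:
        return ["no accept rule for the vrrp service"]
    for idx, rule in vrrp_rules:
        tag = rule["name"]
        if idx > stealth_idx:
            findings.append(f"{tag}: placed below the Stealth Rule")
        if "Any" in rule["source"]:
            findings.append(f"{tag}: source is Any, expected cluster members only")
        for svc in sorted(set(rule["services"]) - ALLOWED_SERVICES):
            findings.append(f"{tag}: unexpected service {svc}")
        nets = []
        for dest in rule["destination"]:
            if dest not in objects:
                findings.append(f"{tag}: destination {dest} is not a defined object")
                continue
            net = ipaddress.ip_network(objects[dest])
            nets.append(net)
            if not net.subnet_of(MULTICAST):
                findings.append(f"{tag}: destination {dest} is outside 224.0.0.0/4")
        if not any(VRRP_GROUP in n for n in nets):
            findings.append(f"{tag}: no destination covers 224.0.0.18")
    return findings

# Constructed sample data (top-to-bottom rule order); the dict layout is an assumption.
OBJECTS = {"mcast-224.0.0.18": "224.0.0.18/32", "MCAST.NET": "224.0.0.0/240.0.0.0"}
STEALTH = {"name": "Stealth", "source": ["Any"], "destination": ["fwcluster-object"],
           "services": ["Any"], "action": "drop"}
VRRP = {"name": "VRRP", "source": ["Firewalls", "fwcluster-object"],
        "destination": ["mcast-224.0.0.18"], "services": ["vrrp", "igmp"], "action": "accept"}
BROAD = {"name": "Mcast", "source": ["Any"], "destination": ["MCAST.NET"],
         "services": ["vrrp", "igmp", "pim"], "action": "accept"}
if __name__ == "__main__":
    print(audit([VRRP, STEALTH], OBJECTS))    # rule as the page defines it
    print(audit([STEALTH, BROAD], OBJECTS))   # misplaced and overly broad variant
```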