Installing Full High Availability Cluster

Procedure:

1. Install the first Cluster Member of the Full High Availability Cluster that runs the Primary Security Management Server

   Step	Instructions
   1	Install the Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Operating System: Installing the Gaia Operating System on Check Point Appliances Installing the Gaia Operating System on Open Servers
   2	Follow Configuring Gaia for the First Time.
   3	During the First Time Configuration Wizard, you must configure these settings: In the Installation Type window, select Security Gateway and/or Security Management. In the Products window: In the Products section, select both Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. and Security Management. In the Clustering section: Select Unit is a part of a cluster, type and select ClusterXL. In the Define Security Management as field, select Primary. In the Security Management Administrator window, select one of these options: Use Gaia administrator Define a new administrator and configure it In the Security Management GUI Clients window, configure the applicable allowed computers: Any IP Address - Allows all computers to connect This machine - Allows only the single specified computer to connect Network - Allows all computers on the specified network to connect Range of IPv4 addresses - Allows all computers in the specified range to connect
   4	Install a valid license. See Working with Licenses.
   5	With a web browser, connect to Gaia Portal Web interface for the Check Point Gaia operating system. at: https://<IP address of Gaia Management Interface> If you changed the default port of Gaia Portal from 443, then you must also enter it (https://<IP address>:<Port>).
   6	In the left navigation tree, click Network Management > Network Interfaces. Configure all required interfaces with applicable unique IP addresses.

2. Install the second Cluster Member of the Full High Availability Cluster that runs the Secondary Security Management Server

   Step	Instructions
   1	Install the Gaia Operating System: Installing the Gaia Operating System on Check Point Appliances Installing the Gaia Operating System on Open Servers
   2	Follow Configuring Gaia for the First Time.
   3	During the First Time Configuration Wizard, you must configure these settings: In the Installation Type window, select Security Gateway and/or Security Management. In the Products window: In the Products section, select both Security Gateway and Security Management. In the Clustering section: Select Unit is a part of a cluster, type and select ClusterXL. In the Define Security Management as field, select Secondary. In the Secure Internal Communication window, enter the applicable Activation Key (between 4 and 127 characters long).
   4	Install a valid license. See Working with Licenses.
   5	With a web browser, connect to Gaia Portal at: https://<IP address of Gaia Management Interface> If you changed the default port of Gaia Portal from 443, then you must also enter it (https://<IP address>:<Port>).
   6	In the left navigation tree, click Network Management > Network Interfaces. Configure all required interfaces with applicable unique IP addresses.

3. Connect the synchronization interfaces on both appliances

   Step	Instructions
   1	Connect a cable between the synchronization interfaces on both appliances. See the R81 ClusterXL Administration Guide - Chapter ClusterXL Requirements and Compatibility - Section Supported Topologies for Synchronization Network.
   2	With a web browser, connect to Gaia Portal on both appliances at: https://<IP address of Gaia Management Interface>
   3	In the left navigation tree, click Network Management > Network Interfaces.
   4	In the top right corner, click the Configuration button.
   5	Make sure the Link Status on the synchronization interfaces is Up.
   6	In the top right corner, click the Monitoring button.
   7	Click Refresh every several seconds. These counters must increase: Rbytes Rpackets Tbytes Tpackets

4. Install the R81 SmartConsole

   Follow Installing SmartConsole.

5. Configure the Full High Availability Cluster object in SmartConsole

   Step	Instructions
   1	Connect with SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Cluster Member Security Gateway that is part of a cluster. that runs the Primary Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..
   2	In the Security Cluster wizard, click Next.
   3	Enter the name of the Full High Availability Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object.
   4	Click Next.
   5	Configure the settings for the Full High Availability Cluster Member that runs the Secondary Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.: In the Secondary Member Name field, enter the hostname that you entered during the First Time Configuration Wizard. In the Secondary Member Name IP Address field, enter the IP address of the Gaia Management Interface (1) Interface on a Gaia Security Gateway or Cluster member, through which Management Server connects to the Security Gateway or Cluster member. (2) Interface on Gaia computer, through which users connect to Gaia Portal or CLI. that you entered during the First Time Configuration Wizard. Enter and confirm the SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. Activation Key that you entered during the First Time Configuration Wizard.
   6	Click Next.
   7	Configure the IP address of the paired interfaces on the appliances. Select one of these options: Cluster Interface with Virtual IP - Enter a Cluster Virtual IP address for the interface. Cluster Sync Interface - Configure the interface as the synchronization interface for the appliances. Non-Cluster Interface - Use the configured IP address of this interface.
   8	Click Next.
   9	Repeat Step 7 for all the interfaces.
   10	Click Finish.
   11	Publish the SmartConsole session.
   12	Install the Access Control Policy on this cluster object. Only after policy installation, can the Primary server synchronize with the Secondary server.
   13	Install the Threat Prevention Policy on this cluster object.

Note - You can also control the Full High Availability Cluster Members in Gaia Portal > High Availability > Cluster page.

For more information, see the:

• R81 Gaia Administration Guide

• R81 ClusterXL Administration Guide