Creating a SmartLSM Small Office Appliance Cluster

Make sure you have a SmartLSM clusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Security Profile defined in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. before you create a Small Office Appliance cluster in SmartProvisioningClosed Check Point Software Blade on a Management Server (the actual name is "Provisioning") that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: Large-Scale Management, SmartLSM, LSM..

  1. In the navigation tree, click Devices.

  2. From the Launch Menu, select File > New > Small Office Appliance Cluster.

    The SmartLSM Security Cluster General Properties page opens.

  3. Enter a unique Cluster Name Prefix (Suffix is optional).

    The SmartLSM Security Cluster name is:
    <prefix>cluster<suffix>.

  4. In Cluster Main IP Address, enter the real external virtual IP address for your actual gateway cluster.

  5. Click Next.

  6. Configure these settings:

    1. Hardware - Select the gateway hardware version.

    2. Version - Select the firmware version for the device.

    3. Security Profile - Select the SmartLSM Cluster Profile that was created in SmartConsole.

    4. Provisioning - Select Enable Provisioning to enable the management of this gateway by provisioning configurations:

    • No Provisioning Profile - Select to enable provisioning but not yet assign a specific profile.

    • Provisioning Profile - Select to assign to this gateway from the drop-down list.

  7. Click Next

    The Cluster Names page opens.

    The names of the cluster members are shown with the configured prefix.

  8. Click Next.

    The More Information page opens.

  9. Click Edit to override the settings of the template topology on each of the interfaces. For example, select WAN and click Edit.

    The interface's window opens:

    1. In IP Address Override, enter the actual network IP address to override the template Network address.

    2. Click OK and do this procedure again for all the interfaces.

    3. Click Next.

  10. Select a member and click Initialize:

    1. Enter the trusted communication (SICClosed Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server.) details.

      Click OK.

    2. Do this again for the second member.

    3. Click Next.

  11. Select how to create a VPN certificate:

    • For a VPN certificate from the Internal Check Point CA, select I wish to create a VPN Certificate from the Internal CA.

    • For a VPN certificate from a third party CA (for example, if your organization already has certificates from an external CA for other devices), clear this checkbox and request the certificate from the appropriate CA server.

  12. Select Edit SmartLSM cluster properties after creation to work with the newly created object

  13. Click Finish.

After the wizard finishes, the SIC initialization takes a few minutes to complete. When it completes, you can see the cluster object and its two members. Double-click the cluster object to see that the topology is configured with the actual addresses.

On each Small Office Appliance, open the WebUI Home > Security Management page and click Fetch Policy to manually pull the policy immediately. Alternatively, the appliance connects to the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. at predefined periodic intervals to pull the policy.