Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

CHECK POINT R75 CLUSTER SETUP

In this tutorial we will explore setting up a Check Point R75 Cluster consisting of 1 management server and 2 gateways.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

Setting up a Check Point R75 Cluster

1. First up, connect to your management server with smartdashboard. My management status is called cpmgmt. Right click on the Check Point object on the right hand side and select Security Cluster – UTM-1/Power-1/Open Server Cluster/IP series…

2. Let’s select the Wizard Mode below.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

3. Give your cluster a name. I will call mine CPCLUSTER and I will assign the cluster the ip address 10.10.10.1. You will see later where this is set. Select Check Point ClusterXL and select High Availability. Click Next.

4. We now add in the gateways that we would like to participate in our cluster. Click Add and select New Cluster Member. I’m select this option because I don’t have any gateways belonging to the management server yet. If you already have your gateways being managed by your management server you can select Add Existing Gateway.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

5. Type in the IP address of your Check Point Gateway. The IP address of my first gateway called cpgw1 is 10.10.10.2 Type in the activation key that you setup during installation of your gateway and click initialize. You should see Trust Established in the Trust State field. Click Ok.

6. Do the same for gateway 2. My second gateway is called cpgw2 and has an ip address of 10.10.10.3. Click Ok.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

7. The 2 gateways are now added. Click Next.

8. In this section we will configure the topology of the cluster. I have left out the external interface on purpose so I can show you how to add it manually later. Click Next.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

9. The first network I’ll setup is the Cluster Synchronization. Select Primary under Clsuter Synchronization. Click Next.

10. The next interface i’ll setup is my internal network. Here i’ll set the cluster ip to 10.10.10.1 with a net mask of 255.255.255.0 Click Next.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

11. The cluster is now setup. Click Finish.

12. As you can see on the right hand side, I have my cluster named CPCLUSTER with the 2 gateway members cpgw1 and cpgw2.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

13. If you right click on the properties of the CPCLUSTER, you can see the ClusterXL settings that are available.

14. While still in the CPCLUSTER properties click on Topology.

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

15. Click Edit Topology. As you can see in this screen shot, I have already setup the internal network with the cluster ip 10.10.10.1 and i’ve also setup the Sync network.

16. Now I will add another NIC to my gateways which i’ll use for the external interface. After adding the NIC I will click on Get – All Members’ Interfaces with topology…

Calle 100 # 17 A – 36 Of 212 ¤ Edificio One Hundred ¤ Teléfono : 6167785 ¤ Fax 7023050 www.net-support.net E-Mail : info@net-support.net

¤ Bogotá Colombia.

17. The third network is added in. However under the CPCLUSTER column I will need to add the cluster IP address for the external network. Here I will add 192.168.1.101 with a subnet mask of 255.255.255.0. I’ve also changed the name of the interface to Outside. I’ve also changed the name for the internal interface to inside. If you right click on the 192.168.1.101 address and select edit, you can set the topology to External. Click Ok.

18. Once your cluster is setup you must install the policy.