Check Point R75 Cluster Setup
In this tutorial we will explore setting up a Check Point R75 Cluster consisting of 1 management server and 2 gateways.
Setting up a Check Point R75 Cluster
- First up, connect to your management server with smartdashboard. My management status is called cpmgmt. Right click on the Check Point object on the right hand side and select
UTM-1/Power-1/Open Server Cluster/IP series...
- Let’s select the Wizard Mode below.
- Give your cluster a name. I will call mine
CPCLUSTERand I will assign the cluster the ip address
10.10.10.1. You will see later where this is set. Select Check Point ClusterXL and select High Availability. Click Next.
- We now add in the gateways that we would like to participate in our cluster. Click Add and select New Cluster Member. I’m select this option because I don’t have any gateways belonging to the management server yet. If you already have your gateways being managed by your management server you can select Add Existing Gateway.
- Type in the IP address of your Check Point Gateway. The IP address of my first gateway called
10.10.10.2Type in the activation key that you setup during installation of your gateway and click Initialize. You should see Trust Established in the Trust State field. Click OK.
- Do the same for gateway 2. My second gateway is called
cpgw2and has an ip address of
10.10.10.3. Click OK.
- The 2 gateways are now added. Click Next >.
- In this section we will configure the topology of the cluster. I have left out the external interface on purpose so I can show you how to add it manually later. Click Next >.
- The first network I’ll setup is the Cluster Synchronization. Select Primary under Cluster Synchronization. Click Next >.
- The next interface I’ll setup is my internal network. Here I’ll set the Cluster Interface IP to
10.10.10.1with a Net Mask of
255.255.255.0. Click Next >.
- The cluster is now setup. Click Finish.
- As you can see on the right hand side, I have my cluster named
CPCLUSTERwith the 2 gateway members
- If you right click on
CPCLUSTERand select Properties, you can see the ClusterXL settings that are available.
- While still in the
CPCLUSTERproperties, click on Topology.
- Click Edit Topology…. As you can see in this screen shot, I have already setup the internal network with the Cluster IP
10.10.10.1and I’ve also setup the Sync network as
- Now I will add another interface to my gateways which iIll use for the External interface. After adding the interface I will click on Get… – All Members’ Interfaces with topology…
- The third network is added in. However under the
CPCLUSTERcolumn I will need to add the Cluster IP Address and Net Mask for the External network. Here I will add
192.168.1.101with a subnet mask of
255.255.255.0. IIve also changed the name of the interface to outside. I’ve also changed the name for the Internal interface to inside, just for my own reference. If you right click on the
192.168.1.101address and select Edit, you can set the topology to External. Click OK.
- Once your cluster is setup you must install the policy.
Disclaimer: This tutorial is performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.