Shares

Check Point R75 Cluster Setup

In this tutorial we will explore setting up a Check Point R75 Cluster consisting of 1 management server and 2 gateways.


Check Point R75 Cluster Lab

Setting up a Check Point R75 Cluster

1. First up, connect to your management server with smartdashboard. My management status is called cpmgmt. Right click on the Check Point object on the right hand side and select Security Cluster – UTM-1/Power-1/Open Server Cluster/IP series…


Check Point R75 Cluster Setup

2. Let’s select the Wizard Mode below.


Check Point R75 Cluster Setup

3. Give your cluster a name. I will call mine CPCLUSTER and I will assign the cluster the ip address 10.10.10.1. You will see later where this is set. Select Check Point ClusterXL and select High Availability. Click Next.


Check Point R75 Cluster Setup

4. We now add in the gateways that we would like to participate in our cluster. Click Add and select New Cluster Member. I’m select this option because I don’t have any gateways belonging to the management server yet. If you already have your gateways being managed by your management server you can select Add Existing Gateway.


Check Point R75 Cluster Setup

5. Type in the IP address of your Check Point Gateway. The IP address of my first gateway called cpgw1 is 10.10.10.2 Type in the activation key that you setup during installation of your gateway and click initialize. You should see Trust Established in the Trust State field. Click Ok.


Check Point R75 Cluster Setup

6. Do the same for gateway 2. My second gateway is called cpgw2 and has an ip address of 10.10.10.3. Click Ok.


Check Point R75 Cluster Setup

7. The 2 gateways are now added. Click Next.


Check Point R75 Cluster Setup

8. In this section we will configure the topology of the cluster. I have left out the external interface on purpose so I can show you how to add it manually later. Click Next.


Check Point R75 Cluster Setup

9. The first network I’ll setup is the Cluster Synchronization. Select Primary under Clsuter Synchronization. Click Next.


Check Point R75 Cluster Setup

10. The next interface i’ll setup is my internal network. Here i’ll set the cluster ip to 10.10.10.1 with a net mask of 255.255.255.0 Click Next.


Check Point R75 Cluster Setup

11. The cluster is now setup. Click Finish.


Check Point R75 Cluster Setup

12. As you can see on the right hand side, I have my cluster named CPCLUSTER with the 2 gateway members cpgw1 and cpgw2.


Check Point R75 Cluster Setup

13. If you right click on the properties of the CPCLUSTER, you can see the ClusterXL settings that are available.


Check Point R75 Cluster Setup

14. While still in the CPCLUSTER properties click on Topology.


Check Point R75 Cluster Setup

15. Click Edit Topology. As you can see in this screen shot, I have already setup the internal network with the cluster ip 10.10.10.1 and i’ve also setup the Sync network.


Check Point R75 Cluster Setup

16. Now I will add another NIC to my gateways which i’ll use for the external interface. After adding the NIC I will click on Get – All Members’ Interfaces with topology…


Check Point R75 Cluster Setup

17. The third network is added in. However under the CPCLUSTER column I will need to add the cluster IP address for the external network. Here I will add 192.168.1.101 with a subnet mask of 255.255.255.0. I’ve also changed the name of the interface to Outside. I’ve also changed the name for the internal interface to inside. If you right click on the 192.168.1.101 address and select edit, you can set the topology to External. Click Ok.


Check Point R75 Cluster Setup

18. Once your cluster is setup you must install the policy.


Check Point R75 Cluster Setup

If you have any technical questions about this tutorial or any other tutorials on this site, please open a new thread in the forums and the community will be able to help you out.

Disclaimer:
All the tutorials included on this site are performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.