Support Center > Search Results > SecureKnowledge Details
How to install Full HA cluster on Check Point appliances
Solution

Introduction:

This article provides the relevant guidelines for configuring Full High Availability (Full HA) cluster configuration.

These guidelines apply to all Check Point appliances running on Gaia OS / SecurePlatform OS,
as well as Virtual Appliances running vSEC Virtual Edition on Gaia OS
(Note: this article does not apply to vSEC for Amazon Web Services, vSEC for Microsoft Azure, vSEC for Google Cloud Platform, vSEC for VMware NSX, vSEC for VMware vCloud Air, vSEC for Cisco ACI, vSEC for OpenStack).

Both members of a Full High Availability (Full HA) cluster run Security Management Server and Security Gateway products.
One cluster member is Active, and one is Standby:

  • If the Active cluster member has a failure that affects the Security Management Server product and the Security Gateway product, both these products fail over to the Standby cluster member.
  • If the Security Management Server product on the Active cluster member experiences a failure, only the Security Management Server product fails over to the Standby cluster member.
    The Security Gateway product on the first cluster member continues to function.
  • If the Security Gateway product on the Active cluster member experiences a failure, only the Security Gateway product fails over to the Standby cluster member.
    The Security Management Server product on the first cluster member continues to function.

 

Action plan:

  1. Install both appliances.

  2. During the installation change each of the members Management interface IP address to the IP address you choose.

  3. With your web browser, connect to OS User Interface on each appliance:

    • Gaia Portal - https://<Management interface IP>
    • SecurePlatform WebUI - https://<Management interface IP>:4434
  4. Follow the First Time Configuration Wizard steps:

    • Configure each appliance as a Security Management Server and as a Security Gateway.
    • Configure the Advanced settings:
      • Select Unit is part of a cluster
      • Select ClusterXL
      • Select Primary for the primary member, or Secondary, for the secondary member
    • Configure administrator account credentials for the Security Management Server
    • Define the allowed SmartConsole clients
  5. Reboot each appliance.

  6. Configure Full High Availability cluster in the SmartDashboard.

  7. Install the network security policy on the Full HA cluster.

  8. Verify the cluster state on each appliance:

    [Expert@HostName:0]# cphaprob state

 

Important Notes:

 

Related documentation:

 

Related solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment