This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mikula83
Contributor
‎2025-04-23 02:33 AM
Jump to solution

ClusterXL and Smart-1 Cloud as a management

Hello,

please let me know is it possible to have different IPs on real and VIP interfaces on outside interface if you use Smart-1 Cloud as a management server.  (Lets assume you get a public IP from ISP with mask-length 30, for examle 90.90.90.0/30, 90.90.90.2 is default gateway and 90.90.90.1 is VIP on ClusterXL outside interface, Is it possible to have private IPs on real interfaces?)

I know that it is possible when you have on-prem management server but I'm not sure when you have Smart-1 Cloud management server.

 

My next question is about licenses. If you buy Smart-1 Cloud license to manage 5 gateways and you have ClusterXL with two gateways does it consume 1 or 2 licenses?

 

Best regards,

Milan Babic

1 Solution

Accepted Solutions
Wolfgang
MVP Gold
MVP Gold
‎2025-04-23 04:06 AM
Jump to solution

@Mikula83 it's not possible to manage a cluster with private IP-addresses. All nodes of the cluster must be reachable via Internet.

Configuring Cluster Addresses on Different Subnets

  • It is not possible to manage the Cluster over the Internet when the IP addresses of its members and the VIP address are configured on different subnets.In such configuration, the IP addresses of cluster members are supposed to be configured with private IP addresses (RFC 1918), and only one Cluster VIP address is supposed to be public. Private IP addresses (RFC 1918) are not allowed over the Internet. As a result, communication from the external Management Server to the private IP addresses of the physical cluster members will not be possible over the Internet for services such as SIC.
  • Quantum Smart-1 Cloud can manage Cluster Members that do have public IP addresses on the Internet. For instructions, see the Quantum Smart-1 Cloud Administration Guide.

Rregarding the licenses... a cluster of X gateways consume X gateway licenses.

View solution in original post

4 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-04-23 03:30 AM
Jump to solution

Afaik, OnPremise and Smart-1 Cloud SMS have the same functionality except the limitations from https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-... !

Licenses to manage GWs are counted by GW - you can use HA or LS Clustering, so this is understandable, and the same is true of services that have to be bought for each GW, even if only used as Standy node in ClusterXL...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2025-04-23 04:06 AM
Jump to solution

@Mikula83 it's not possible to manage a cluster with private IP-addresses. All nodes of the cluster must be reachable via Internet.

Configuring Cluster Addresses on Different Subnets

  • It is not possible to manage the Cluster over the Internet when the IP addresses of its members and the VIP address are configured on different subnets.In such configuration, the IP addresses of cluster members are supposed to be configured with private IP addresses (RFC 1918), and only one Cluster VIP address is supposed to be public. Private IP addresses (RFC 1918) are not allowed over the Internet. As a result, communication from the external Management Server to the private IP addresses of the physical cluster members will not be possible over the Internet for services such as SIC.
  • Quantum Smart-1 Cloud can manage Cluster Members that do have public IP addresses on the Internet. For instructions, see the Quantum Smart-1 Cloud Administration Guide.

Rregarding the licenses... a cluster of X gateways consume X gateway licenses.

PhoneBoy
Admin
Admin
‎2025-04-23 12:21 PM
Jump to solution

ClusterXL requires a management license for each member of the cluster (thus you need two).
If you do this with ElasticXL (requires R82), only one management license is required (for the SMO).

0 Kudos
Mikula83
Contributor
‎2025-04-23 11:33 PM
In response to PhoneBoy
Jump to solution

Thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events