Hello all,
I am looking for some guidance with creating a new Check Point cluster using 1530 SMB appliances.
I have an existing OpenServer cluster at our HQ site (R81.10) with a central SMS (also R81.10) and I need to deploy the 1530 cluster at a remote site across the Internet and centrally manage it. These new appliances are also R81.10.
The remote site is behind a 3rd party firewall/NAT with a single public IP.
This new cluster will be establishing a VPN tunnel to the HQ site.
The SMS is behind the HQ firewall with its own NAT'd public IP.
What is the best practice with respect to interface and gateway/cluster object IPs? For the new cluster and member objects, would I use the single remote public IP for all, or would I use the actual assigned physical private IPs, even though they aren't routable from the SMS? Do I need to try and obtain 3 public IPs for the remote site instead of just the one that they have given me now? I'm not sure if that will be possible.
We use SmartConsole etc. to manage the environment; we don't use any Check Point cloud management.
Here's my attempt at a diagram of the environment:
Thanks!