Geovanny_Haro
Explorer

Converting a Security Gateway to a ClusterXL

Hi all.

What are the best practices for converting a Security Gateway to a ClusterXL in HA?

There is a guide in the ClusterXL Administration Guide; the steps are the following:

-Install a new Security Gateway. Use the standard procedure to create a new Cluster Member. Different IP from old fw.
-In SmartConsole, create a new cluster object. Configuration same as old fw. In topology, virtual IP would be the same address of original fw.
-Replace old fw object with new cluster object in policy rules, VPNs, etc.
-In the Cluster Members page, click Add > Add Existing Gateway. Select the newly installed Security gateway as cluster member and define topology.
-Then Install policy.

-In old fw, change the IP addresses of interfaces.
-In the Cluster Members page, click Add > Add Existing Gateway. Select the old Security gateway as cluster member and define topology.
-Then Install policy.

What happens to VPNs? Should I define a different Office Mode network in the new cluster object? If there is a VTI numbered VPN to AWS, could I configure any address in the field "Local Address"?

0 Kudos
2 Replies
PhoneBoy
Admin

Are the VPN endpoints managed by the same management, third party, or?
There will be different certificates used for the cluster but they would be signed by the same CA.
Assuming the cluster IP is the same as the original gateway, the remote end probably won’t need a configuration change.
That said, the change is likely to be disruptive to the VPN due to the policy install, so it should be done during an appropriate maintenance window. 

0 Kudos
Geovanny_Haro
Explorer

Yes, VPN endpoints are managed by the same security management. Remote access users' IP addresses are assigned following the configuration file $FWDIR/conf/ipassignment.conf, so the first column is updated to the new cluster object name.

0 Kudos
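
The first-column update to ipassignment.conf mentioned in the reply above, as an added example that is not part of the original thread: it rewrites the gateway name only where it appears as the first field and reports any entries still pointing at the old object. The file layout (gateway name as the first whitespace- or comma-delimited field, `#` comments) and the object names `fw-old` and `fw-cluster` are assumptions; the sample content is constructed.

```python
import re

# Assumed layout: first field of a non-comment line is the gateway object
# name, optionally followed by a comma. Lines starting with '#' never match.
FIRST_FIELD = re.compile(r"^(\s*)([^\s,#]+)(,?)")

# Constructed sample, not taken from a real gateway.
SAMPLE = """\
# Gateway   Type   IP Address        User Name
fw-old      addr   10.20.30.11       alice
fw-old,     addr   10.20.30.12,      bob      # comment mentioning fw-old
fw-old-lab  addr   10.20.31.5        carol
*           addr   10.20.30.40       fw-old
"""


def stale_entries(text, old_name):
    """Return 1-based line numbers whose first field is exactly old_name."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = FIRST_FIELD.match(line)
        if match and match.group(2) == old_name:
            hits.append(number)
    return hits


def retarget_gateway(text, old_name, new_name):
    """Replace old_name with new_name in column one only.

    Comments, user names and longer object names that merely contain
    old_name are left untouched. Returns (new_text, changed_line_count).
    """
    out, changed = [], 0
    for line in text.splitlines(keepends=True):
        match = FIRST_FIELD.match(line)
        if match and match.group(2) == old_name:
            line = match.group(1) + new_name + match.group(3) + line[match.end():]
            changed += 1
        out.append(line)
    return "".join(out), changed


if __name__ == "__main__":
    updated, count = retarget_gateway(SAMPLE, "fw-old", "fw-cluster")
    print(updated)
    print(f"{count} line(s) updated; still stale: {stale_entries(updated, 'fw-old')}")
```

Run it against a copy of the file and diff the result before replacing the original.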
