In that case, please follow below process that TAC gave me for customer that wanted to do EXACT same thing. Version makes no difference, so would not sweat about that.
Link to a document:
https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_ClusterXL_AdminGuide/html_fr...
https://dl3.checkpoint.com/paid/48/4808360334cfd91e38eb192da36ea686/CP_R80.30_ClusterXL_AdminGuide.p...
The documentation mentions the Standalone deployment for those who have a Standalone firewall and would like to convert it to ClusterXL. In your situation, you can go straight to page 151. "Creating the ClusterXL Object"
Computer B refers to your new firewall and Computer A is your current firewall.
Basically here are the steps:
- Install and configure the new cluster member. (Computer B)
- make sure that the new firewall can talk to the old firewall and vice versa.
- Configure the local configuration such as authentication server, hostname, static route, dynamic route etc.
- In the policy, remove any references to the old firewall.
- Create a new cluster object in SmartConsole.
- Configure the interfaces, Antispoofing, Office mode etc.
- The cluster VIP will be the old firewall local IP
- Open the Cluster object and in the "Cluster Members" page, click Add, and select New Cluster Member.
- Establish SIC
- Get interface without topology
- Define a Sync interface
- Install the policy on the cluster currently including member B only.
- On the old firewall.
- Disconnect all proposed cluster and Synchronization interfaces. New connections now open
through the cluster, instead of through computer 'A'.
- Change the addresses of these interfaces to some other unique IP address which is on the
same subnet as computer B.
- Connect each pair of interfaces of the same subnet using a dedicated network. Any hosts or
Security Gateways previously connected to the Security Gateway must now be connected to
both members, using a hub/switch.
- Update the topology of the Security Gateway that you just added by clicking Get Topology without interface.
- In the Cluster Members page, click Add and select "Add Security Gateway to Cluster"
- Select the old firewall
- In the "Edit Topology" page, determine the interface type.
- Configure the Policy base. (VPN domain, rule base, NAT if needed)
- Install the policy.