- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi All,
If you are using Smart-Cloud to manage your Security Gateways and are looking to deploy a Cluster - You will need to do this using the ADD EXISTING GATEWAY option.
When you provision/add a new gateway from Smart Cloud, this will create the Gateway Object within Smart Console. Now if these gateways need to be part of a cluster, then you will have to add them using the ADD EXISTING GATEWAY option.
Additionally the topology will now have the maas_tunnel interface also detected as part of the GET INTERFACES with TOPOLOGY.
I had my interface topology configured as below to work successfully.
Hope this is helpful.
Thank you for sharing this. This is indeed the way to do it today in Smart-1 Cloud.
Since Cluster is a very common deployment, I also wanted to share that we are working on a simpler way to do this, which will be similar to the way you connect a regular gateway.
This will be rolled out automatically for Smart-1 Cloud users.
When will this new deployment be ready?
Hello Abbas,
Thanks for sharing this, as I'm trying to setup my first cluster in Smart-1 Cloud.
I successfully connected the gateways and establish communication with Management Server with SIC Trust, and so far I have the maas_tunnel, inside, outside and sync interfaces for each GW. However when I try to setup a cluster following the wizard / or even classic mode as you suggest above, can you please advise what IP do we configure as a Cluster VIP IPv4 address ?
I also read the documentation, but all it says is not to use an IP from 100.64.x.x network. Still I don't figure out what IP I should use as a Cluster VIP.
Our deployment is in R80.40
Thanks for your help in advance,
Konstantinos
Hello Konstantinos,
The gateways get the automatic IP when establishing the maas tunnel, for the Cluster itself, you should provide your own virtual IP. Similar when connecting a cluster to an on-prem management, nothing special here for Smart-1 Cloud.
If you still have some challenges, please let me (@Anat_Eytan-Davi) or @Amiad_Stern know and we will be happy to assist,
BR,
Anat.
Hello Anat,
Thanks for your explanation. I understood that once you connect the GWs to the smart-1 Cloud, those get their 100.64.x.x/32 IPs ( MaaS tunnel IP). For the cluster VIP, I figured I could use the VIP of the inside interface ( cluster ).
Once the cluster was setup, in the Network Topology, the Inside / Outside / Sync interfaces, would be appear as it should. Nevertheless, there would be 2 entries, each for a different GW, where there would be the maas tunnel /32 IP.
I’m not sure if this is the expected outcome, to have in the Cluster Network Topology, different maas interface / per GW
Unfortunately, I cannot provide you with any screenshots, as finally we deployed the Management Server on premise ( VM-Open Server).
However, if there will be a case where I’ll need to setup a cluster on Smart-1 Cloud, I’ll return back to the same post.
Anyhow, thanks for your contribution and support on this case.
Kind Regards,
Konstantinos
Nice info!
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY