Creating a Cluster managed by Smart-1 Cloud

Abbas_Khumanpur · ‎2020-07-11

Hi All,

If you are using Smart-Cloud to manage your Security Gateways and are looking to deploy a Cluster - You will need to do this using the ADD EXISTING GATEWAY option.

When you provision/add a new gateway from Smart Cloud, this will create the Gateway Object within Smart Console. Now if these gateways need to be part of a cluster, then you will have to add them using the ADD EXISTING GATEWAY option.

Login into Smart Console (connecting to your management Instance in Smart Cloud).
Create a New Cluster
Give it a Name and IP Address
Then under Cluster members --> Add --> SELECT Add existing Gateway.

Additionally the topology will now have the maas_tunnel interface also detected as part of the GET INTERFACES with TOPOLOGY.

I had my interface topology configured as below to work successfully.

Hope this is helpful.

Tomer_Noy · ‎2020-07-11

Thank you for sharing this. This is indeed the way to do it today in Smart-1 Cloud.

Since Cluster is a very common deployment, I also wanted to share that we are working on a simpler way to do this, which will be similar to the way you connect a regular gateway.

This will be rolled out automatically for Smart-1 Cloud users.

BenMorris

When will this new deployment be ready?

KonstantinosT · ‎2020-12-10

Hello Abbas,

Thanks for sharing this, as I'm trying to setup my first cluster in Smart-1 Cloud.

I successfully connected the gateways and establish communication with Management Server with SIC Trust, and so far I have the maas_tunnel, inside, outside and sync interfaces for each GW. However when I try to setup a cluster following the wizard / or even classic mode as you suggest above, can you please advise what IP do we configure as a Cluster VIP IPv4 address ?

I also read the documentation, but all it says is not to use an IP from 100.64.x.x network. Still I don't figure out what IP I should use as a Cluster VIP.

Our deployment is in R80.40

Thanks for your help in advance,

Konstantinos

Anat_Eytan-Davi · ‎2020-12-12

Hello Konstantinos,

The gateways get the automatic IP when establishing the maas tunnel, for the Cluster itself, you should provide your own virtual IP. Similar when connecting a cluster to an on-prem management, nothing special here for Smart-1 Cloud.

If you still have some challenges, please let me (@Anat_Eytan-Davi) or @Amiad_Stern know and we will be happy to assist,

BR,

Anat.

KonstantinosT

Hello Anat,

Thanks for your explanation. I understood that once you connect the GWs to the smart-1 Cloud, those get their 100.64.x.x/32 IPs ( MaaS tunnel IP). For the cluster VIP, I figured I could use the VIP of the inside interface ( cluster ).

Once the cluster was setup, in the Network Topology, the Inside / Outside / Sync interfaces, would be appear as it should. Nevertheless, there would be 2 entries, each for a different GW, where there would be the maas tunnel /32 IP.

I’m not sure if this is the expected outcome, to have in the Cluster Network Topology, different maas interface / per GW

Unfortunately, I cannot provide you with any screenshots, as finally we deployed the Management Server on premise ( VM-Open Server).

However, if there will be a case where I’ll need to setup a cluster on Smart-1 Cloud, I’ll return back to the same post.

Anyhow, thanks for your contribution and support on this case.

Kind Regards,

Konstantinos

Infinigate_Sup · ‎2020-12-13

Nice info!