AnsweredAssumed Answered

Standalone to Full HA Member (VLANs, Cluster on different subnets, VPN, etc involved)

Question asked by Cesar Caballero on Aug 7, 2017
Latest reply on Aug 14, 2017 by Dameon Welch-Abernathy

Hello everyone.

We currently have a Check Point 4200 device installed and operating in Standalone mode in our company. With respect to Security Management, it has activated the most common Blades (Firewall, IPSec VPN, URL Filtering, etc.) with basic policies of internet connection for the internal network, access to the servers from the Internet and the clean up policy.
For the Security Gateway, the eth0 (LAN) port is configured with 10 VLANs (/24), the eth1 port for a VPN (/29) and the eth2 port for the Internet (a /30).
Under the above scenario, I must configure another Check Point 4200 so that it operates in HA with the previous one. These are my questions:
- How do I configure the IP of the internal cluster having the eth0 port 10 VLANs?
- The eth1 port will be released and the VPN and Internet will be coming in different VLANs on the same cable, is the configuration the same as in the previous case?
- What effect would it have on policies to apply the sk104699 to add the operational Check Point to a cluster in Full HA?

For the external network I planned to use the sk32073.

Thank you in advance.