I don't really get the "anatomy" of a CP1400 series cluster. Two questions for you guys:
- Can I achive this setup with a 1400 series cluster config:
(active CP cluster member holds public WAN IP; on cluster failover, IP will be bound by new active (former inactive) member) - Is there more comprehensive information on clustering CP 1400 series than the 1 1/2 pages in the Check Point 1430/1450 Appliance Locally Managed Administration Guide?
As always; Thanks in advance for your feedback!
Hello Julius,
A cluster with SMB appliances is not very different from other Check Point appliances.
You need 3 static IP addresses on the same subnet for every cluster interface in order to make failover possible, 1 for each member (physical IP addresses) and a VIP address wich will change owner upon failover.
This means you would need a range of public IP adresses to connect your WAN interfaces.
What I have managed to do for costumers that had a single public IP address was to set the cluster behind the ISP router. The WAN interface would be in a private IP range (such as 192.168.0.0/24). Then I set the router to forward everything from the internet to the VIP address of the cluster. Not ideal, but it works.