This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JackPrendergast
Advisor
Advisor
‎2020-03-29 03:45 AM
Jump to solution

Migrating Azure Single Gateway to Cluster HA

Hi,

 

Does anyone have any tips on how to successfully connect 2 gateways, deployed as single gateways, into a HA cluster?

There is an active single gateway serving as a remote access gateway, however there is another single gateway that is powered off, and was always planned to be used a 2nd member of the cluster but nobody ever migrated it.

 

Migration time is now happening - and I am asking for any advice around this. Is it a case of creating a cluster in SC, joining existing and turned off gateway, and making changes on the LB's in Azure?

 

Thanks in advance

0 Kudos
2 Solutions

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2020-03-29 04:48 AM
Jump to solution

Hi @JackPrendergast 

From what I understand, that's not an easy thing to do.
For a cluster a frontend and backend loadbalancer is used.

But I did this as follows:

>>> First: Migrate export on the management server <<<

1) Install a new Azure ClusterXL.
2) Create a new ClusterXL objekt and initialize a SIC for ClusterXL gateways.
3) Add the cluster to your policy and  add a license.
4) Add new incoming NAT rules.
5) Install the policy.
6) Create on the frontend Azure load balancer new incomming NAT rules.
7) Change the Azure routing on the backend load balancer.

>>> Now test the environment. <<<

8.) Delete the single gateway in the policy and delete the single gateway objekt.
9) Delete the Azure single gateway.

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

JackPrendergast
Advisor
Advisor
‎2020-03-29 09:42 AM
In response to HeikoAnkenbrand
Jump to solution

This seems a sensible solution. I have the change window later this week. I will report back. I really appreciate your input - and if you think of anything else in the mean time, please let me know!

View solution in original post

0 Kudos
2 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2020-03-29 04:48 AM
Jump to solution

Hi @JackPrendergast 

From what I understand, that's not an easy thing to do.
For a cluster a frontend and backend loadbalancer is used.

But I did this as follows:

>>> First: Migrate export on the management server <<<

1) Install a new Azure ClusterXL.
2) Create a new ClusterXL objekt and initialize a SIC for ClusterXL gateways.
3) Add the cluster to your policy and  add a license.
4) Add new incoming NAT rules.
5) Install the policy.
6) Create on the frontend Azure load balancer new incomming NAT rules.
7) Change the Azure routing on the backend load balancer.

>>> Now test the environment. <<<

8.) Delete the single gateway in the policy and delete the single gateway objekt.
9) Delete the Azure single gateway.

 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
JackPrendergast
Advisor
Advisor
‎2020-03-29 09:42 AM
In response to HeikoAnkenbrand
Jump to solution

This seems a sensible solution. I have the change window later this week. I will report back. I really appreciate your input - and if you think of anything else in the mean time, please let me know!
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    Sort by:
    All CloudMates Events