Disjoining cluster members

[lenrenee]

Hello,

I was wondering if anyone as experiences (or may have good documentation/threads) on the current firewall work I am undertaking.

We currently have 2 Check Point VPN-1(TM) & FireWall-1(R) NG with Application Intelligence (R55) HFA_15, Hot fix 528 - Build 00 firewalls in a ClusterXL configuration. The task I have before me is to split the cluster members, so I may transport, and configure the firewall at a new IDC we are building out.

From there, the firewall will need to be reconfigured, as well as joined with a new magmt station, as its current mgmt station will not be accessible. Eventually, the old firewall peer will also be transported over to the new IDC, and the new cluster configuration will be renewed.

Regards,
Lenny

[mcnallym]

I would basically treat this as if a new build.

What I would do is remove the firewall from the existing cluster in the smartdashboard, making sure you remove the backup.

Then run the remaining node as a single node cluster.

At the new location I would do a completely fresh install of the Check Point box. You haven't specified what OS, but I am guessing SPLAT as is ClusterXL. Build this box as a single node cluster initially and SIC to the new management server. I have found just as quick to rebuild SPLAT and run the sysconfig then going through and changing everything on the box.

Treat this as if a new install, and then when the other box is ready to be moved across you can rebuild as a new member and slot into the cluster easily.