CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: Change Cluster hardware R75.45 No IP change

  1. #1
    Join Date
    2006-12-06
    Posts
    2
    Rep Power
    0

    Default Change Cluster hardware R75.45 No IP change

    Iíve stumbling with the following:

    Iíve got a R75.45 cluster witch two UTM270. In due of performance issues they buy two 4200 appliances
    The UTM270 is running GAIA. Can you tell me witch step I would take to change the cluster to 4200 hardware.
    They also need to keep the IP addresses. They got a separate Smart 1-5 appliances for management.

    Is there a big bang of can we do this with no downtime.

    Can you help me out.

    Thanks

    Jaco Wevers
    CCSA Consultant Onsight

  2. #2
    Join Date
    2012-07-10
    Location
    Zurich, Switzerland
    Posts
    252
    Rep Power
    7

    Default Re: Change Cluster hardware R75.45 No IP change

    Set the expections right when talking about "downtime" in clusters. No downtime does not neccessarely mean no loss of connections!
    If you are going to replace the HW of cluster while keeping the same IP addresses, you will always interrupt your traffic.
    There are several ways to shorten that period, but it will not be zero.
    Reasons are:
    - You need to kill and re-establish the SIC between management and gateways
    - You might need to modifiy the Check Point Cluster object due to changes in the NIC Naming
    - You have to clear the arp cache on the adjacent routers
    Consult the aproriate R7x installation and upgrade documentation for details.

  3. #3
    Join Date
    2006-12-06
    Posts
    2
    Rep Power
    0

    Default Re: Change Cluster hardware R75.45 No IP change

    Quote Originally Posted by slowfood27 View Post
    Set the expections right when talking about "downtime" in clusters. No downtime does not neccessarely mean no loss of connections!
    If you are going to replace the HW of cluster while keeping the same IP addresses, you will always interrupt your traffic.
    There are several ways to shorten that period, but it will not be zero.
    Reasons are:
    - You need to kill and re-establish the SIC between management and gateways
    - You might need to modifiy the Check Point Cluster object due to changes in the NIC Naming
    - You have to clear the arp cache on the adjacent routers
    Consult the aproriate R7x installation and upgrade documentation for details.
    Thanks for your reply

    I'm aware that there wil be some downtime. The new cluster will have the same adresses. So yes i'm aware of that.
    To reduce the downtime. I'm looking for a correct procedure.

    My conception:

    * install the two 4200 with R75.45
    * define the correct IP adresses, ntp, dns, routes on the appliances
    * Define the sic name
    * connect the cables to the 4200 appliances
    * correct the fw properties
    * sic
    * policy push
    * Test
    * not working connect the cabels back to the old fw. ( than re-esablish the sic )

    I'm I correct. Please let me kown....
    Thanks

Similar Threads

  1. Wrong IP set on Cluster Gateway object in Smartdashboard - need to change it
    By kaland in forum Advanced Networking & Clustering Blade
    Replies: 2
    Last Post: 2013-02-01, 18:31
  2. SPLAT R75 Build 141 IP Change Fails
    By djstrattos in forum Check Point SecurePlatform (SPLAT)
    Replies: 6
    Last Post: 2011-05-17, 18:11
  3. Need to change anti-spoofing on cluster
    By Tekman in forum Installing And Upgrading
    Replies: 2
    Last Post: 2009-12-31, 00:08
  4. Cluster Failed After timezone change???
    By menz456 in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 1
    Last Post: 2008-07-07, 12:52
  5. Change firewall gateway IP in cluster
    By antonyso88 in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 2
    Last Post: 2008-02-12, 21:07

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •