Day-10 | Clusterxl Configuration in CheckPoint Firewall R80.10 | HA | Active/Standby | Load Sharing

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello friends welcome to my youtube channel technet guide friends in this video i am going to tell you how to configure cluster in checkpoint firewall so friends in term of checkpoint point cluster pro redundancy in network so friend there is three mode in checkpoint firewall first is actually mode high availability mode in high availability at a time one firewall will be active and other firewall will be standby so second is load sharing multicast mode in load sharing multicast mode both firewall will be active and both firewall will share 50 50 traffic and third one is load sharing unicast mode so in this term one firewall will be in private mode okay it will share 30 traffic and other firewall will be share 70 traffic why it will save 70 percent traffic and power private forward reset 30 percent traffic because private firewall will take decision which traffic sent to other firewall for process and weight and wish traffic private farewell will process so is taking decision so it will process only 30 traffic okay this is my topology here on which you are going to perform live this is my firewall one and this is firewall2 okay this is my inside network 192.168.10.0 my firewall one inside ipa is 10.1 192.168.10.1 other firewall inside interface iph1 ips 10.2 okay so here here will be my virtual ip virtual ipv will be 10.100 for this network for this network my gateway will be virtual ip all traffic will pass through this virtual ip and this is my gateway because if i will put this gateway then this firewall will be down our network will be down so there is a virtual ib concept in checkpoint firewall okay so in outside zone my network is 4.2.2.0 okay here my virtual ip will be 4.2200 and it is 2 interface outside firewall one ip address 4.1 ets to interface for firewall to ip address 4.2.2.2 okay so so for this gateway will be photo200 and this is my ets3 and it is three sync interface it will be sync okay sync interface will synchronize active firewall connection table state table connection table to standby firewall okay and it will also send her bit to eastern by firewall so let's see how to configure go to smart dashboard so from now we have to go to smart dashboard okay here is my smart dashboard login here here is my smart dashboard so you interfaces of my firewall here is my fireball on so i will show you interface fw get ips this is my firewall one interfaces an ip address okay it is 0 is my management 70 to 200 in my firewall ip management type address and ath 1 10.1 ats 2 4. it is 2 is 4.1 okay and at h3 sync interface is 1.1 okay and parallel to let's say check parallel to ip address my parallel to ip address is zero 70.200.202 and eight each one ip address is 10.2 and it is two outside interface ip 4.22 and sync interface type is 1.2 okay so now go to smart dashboard and here we will add gateway both gateway here okay click here and click on gateway now click on wizard mode now provide the firewall name firewall1 open server in my case provide the management ip address of firewall 1 70 dot two zero one okay now click on next now here we have to establish trust with sikki provide secure okay then click on next you can see just established here now click on finish now go to network management and we have to patch typology here okay click on ok now we have to add another firewall parallel to gateway fw to open server in my case 192 168 70.202 then click on next provide sikki here and then click on next now check established here click on finish go to network management click on get interface technology here we have added both the gateway now we have to create cluster here click on cluster and cluster wizard mode now provide a cluster name cluster a provide the cluster name okay so here cluster ip 192 168 210 this is my cluster ip so we are going to configure high voltage later we will see load sharing okay so click on next now we have to add gateway we have to add gateway here both gateway existing gateway click on upgrade add yes now add another gateway firewall to click on add yes yes now then click on next here click on next now this is my sync interface so we have to select cluster synchronization okay then click on next and this is my outside interface okay so we will keep in cluster okay now provide the virtual ip address folder 2 to 200 and 78 mask 0 then click on next so this is my inside zone inside network so we will keep in cluster one and virtual ip address provide here 10.100 okay subnet mask zero and click on next and this interface i will keep as a private because i if my management interface goes down i don't want to switch over or failover okay now now click on next click on finish here so friends you can see cluster is created here we have added both the gateway in cluster double click on it cluster now click on cluster member here you can see firewall one priority is high and parallel to priority is low so we you can increase priority from here which firewall will be active and okay now go to cluster excel so you can see here is a high availability we will configure first high availability then we'll later we'll see load sharing okay click on network management click on network management here so you can see virtual ip firewall one api address firewall to ip address here is virtual ip so now click on ok then click on publish here and click on install database database installed here so before going to install policy let's check here cluster status cph pro stat module hm model not restarted now we have to install policy click on install policy and click on install now let's go to parallel one and run command cp hf pro stat cph probe state press enter now you can see my firewall 1 is active and parallel two is standby mode okay now go to firewall to run command here cpha pro state so you can see local firmware is parallel to for parallel to this one is local and standby and parallel one local firewall is active okay so now run this command cph probe minus a if interface status management database when disconnected okay no so ath one is up it is two-way app and sync interfaces up this is my virtual ip4 inside and this is for outside okay so now let's check traffic here ping 4. 2 2 10 minus t okay you can see i'm able to ping from so friends you can see i am able to ping from this pc this is my len pc okay i'm able to ping from here to here okay so successfully is working so now let's check here parallel status is firewall1 is my active firewall okay now we will do one thing here we will set down inside interface we will set down this interface and we will see ping status okay set interface eth1 state op will do off and we'll see what will happen and also will monitor ping response stay top and here is my ping response you can see no any packet dropped here and you will see parallel status cluster status so you can see firewall 1 local parallel is down and parallel 2 is active okay go to parallel to okay local parallel is active and the system way okay so now enable this interface so again we'll see state so firewall one is standby okay now we will see now we will see multicast mode okay so go to smart dashboard and go to cluster and click on cluster excel via vrp now we will configure your load sharing multicast we'll select a load sharing then we'll see both firewall will pass 50 50 traffic now click on install policy now click on install policy here now publish now click on install now pulse installation success now let's see our cholesterol status you can see both firewall is active and both parallel is passing 50 50 traffic okay in load setting multicast both firewall will be active and both furl will pass 50 50 traffic okay you can see now we will see third mode now we will see load sharing unicast mode click on cluster excel and here we will select unicast okay click on ok and install policy and we will see what happened now pulse installed now pulse installed successfully now go to firewall one run command again cpg probe state now this is my now friends this is my local firewall active and private mode by boat mode means it will process only 30 traffic and other firewall will process 70 traffic because why this spiral process only 30 percent traffic because this is pivot mode it will take so this viral responsible to take decision which traffic pass to other firewalls for process and which traffic keep this parallel for process this that's why this parallel will process only 30 traffic okay in this video you have seen how to configure cluster in checkpoint firewall so thanks for watching this video have a nice day

Info

Channel: TechNet Guide

Views: 240

Rating: undefined out of 5

Keywords: checkpoint firewall, clusterxl, cluster xl, cluster configuration, checkpoint firewall cluster, failover, active active, active standby, checkpoint firewall tutorial, checkpoint firewall cluster failover command, checkpoint cluster priority, checkpoint clusterxl r80, checkpoint clusterxl setup r80, active active cluster checkpoint, clustering in checkpoint firewall, cluster configuration checkpoint, how to create cluster in checkpoint firewall, checkpoint cluster

Id: FRcck23stCE

Channel Id: undefined

Length: 15min 17sec (917 seconds)

Published: Sat Oct 30 2021