VMnet1 : 192.168.1.0/24
VMnet2 : 1.1.1.0/24
To create a cluster setup, three interfaces need to be configured first.
As per the above diagram, we require three VMnets (VMware networks) to configure the three interfaces.
VMnet0 : 172.16.100.0/24
IP Address Details
Gateway 1 (Active) IP : Internal (eth0) --> 192.168.1.2/24 || External (eth2) --> 172.16.100.121/24
Gateway 2 (Standby) IP : Internal (eth0) --> 192.168.1.3/24 || External (eth2) --> 172.16.100.122/24
Cluster VIP (Virtual IP) : Internal --> 192.168.1.5/24 || External --> 172.16.100.125/24
Sync IP : Active Gateway (eth1) --> 1.1.1.2/24 || Standby Gateway (eth1) --> 1.1.1.3/24 (NO VIP Required)
Route
Internal LAN (192.168.1.0/24) --> Default Gateway (VIP : 192.168.1.5/24)
Gateway IP (172.16.100.121/24 & 172.16.100.122/24) --> Default Gateway (VIP:172.16.100.1/24)
HOST Machine (Where VMware is running) --> 192.168.1.1/24
VMnet Details
VMnet0 : Auto-Bridging : External : 172.16.100.0/24
VMnet1 : Host-Only : Internal : 192.168.1.0/24
VMnet2 : Host-Only : Sync : 1.1.1.0/24
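Before building the VMs, the address plan above can be checked for overlaps and subnet mistakes. The script below is an added example, not part of the original post: it encodes the page's addresses (the names SG1/SG2 and the Management Server address 192.168.1.10 are taken from later steps) and reports member IPs or VIPs that fall outside their VMnet or collide with an address already in use.

```python
import ipaddress

# Address plan from this page: VMnet subnet, member IPs and cluster VIP per role.
PLAN = {
    "internal": {"net": "192.168.1.0/24", "vip": "192.168.1.5",
                 "members": {"SG1": "192.168.1.2", "SG2": "192.168.1.3"}},
    "sync":     {"net": "1.1.1.0/24", "vip": None,  # page: no VIP on sync
                 "members": {"SG1": "1.1.1.2", "SG2": "1.1.1.3"}},
    "external": {"net": "172.16.100.0/24", "vip": "172.16.100.125",
                 "members": {"SG1": "172.16.100.121", "SG2": "172.16.100.122"}},
}
# Addresses the page says are already taken on these networks.
RESERVED = {"192.168.1.1": "VMware host", "192.168.1.10": "Management Server",
            "172.16.100.1": "WiFi router"}


def check_plan(plan, reserved):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    owners = dict(reserved)  # address -> who holds it
    for role, cfg in plan.items():
        net = ipaddress.ip_network(cfg["net"])
        entries = [(f"{name} {role}", ip) for name, ip in cfg["members"].items()]
        if role == "sync":
            if cfg["vip"] is not None:
                problems.append("sync: the plan assigns no VIP to the sync network")
        elif cfg["vip"] is None:
            problems.append(f"{role}: cluster VIP missing")
        else:
            entries.append((f"VIP {role}", cfg["vip"]))
        for owner, ip in entries:
            addr = ipaddress.ip_address(ip)
            if addr not in net:
                problems.append(f"{owner}: {ip} is outside {net}")
            elif addr in (net.network_address, net.broadcast_address):
                problems.append(f"{owner}: {ip} is not a usable host address")
            if ip in owners:
                problems.append(f"{owner}: {ip} already used by {owners[ip]}")
            owners[ip] = owner
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN, RESERVED) or ["address plan is consistent"]:
        print(line)
```

Run it again whenever an address in the plan changes; two members sharing one eth0 address, or a VIP placed on the router's address, shows up as an "already used by" line.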
STEP 01: Check the IP address of the HOST machine where VMware is running. By default it takes the first host address.
NOTE : VMnet0 is auto-bridged, so it is connected to my WiFi network. I can’t use 172.16.100.1 because it is already assigned to my WiFi router, so 172.16.100.1 is our default gateway (check your own router IP address). I therefore assigned three free IP addresses from my WiFi network, which I define as the External interface.
Check the first host ID of the three VM network adapters.
VMware hardware configuration details.
Memory : 4GB (Minimum)
Processor : 2 (Minimum)
NOTE: The configuration can be scaled; it fully depends on the hardware resources you have. I mention the minimum requirement.
More details for the VMware hardware configuration for Gateway1.
STEP 02: Start the Gateway1 virtual machine.
It asks for the IP address of the eth0 interface, which is on VMnet1 (Network: 192.168.1.0/24); then click “OK”.

STEP 03: Assign IP address.
IP Address : eth0 : 192.168.1.2
Netmask : 255.255.255.0
Default Gateway : You can also configure after installation

STEP 04: More details for the VMware hardware configuration for Gateway 2.

STEP 05: Start the Gateway2 virtual machine.
It asks for the IP address of the eth0 interface, which is on VMnet1 (Network: 192.168.1.0/24); then click “OK”.
Note: You can start either gateway VM first. In my case I prepared Gateway 2 first, so this is the one I will make the standby gateway.

STEP 06: Assign IP address.
IP Address : eth0 : 192.168.1.2
Netmask : 255.255.255.0
Default Gateway : You can configure later after installation

STEP 07: Power on the Gateway1 VM.
Log in with the default credentials below.
Username : admin | Password : admin
Check the IP address details.
Command : Clish>lock database override
Clish>show configuration interface

STEP 08: Power on the Gateway2 VM.
Log in with the default credentials below.
Username : admin | Password : admin
Check the IP address details.
Command : Clish>lock database override
Clish>show configuration interface
It asks to run the First Time Configuration Wizard.

STEP 09: Open the GAIA WebUI to run the First Time Configuration Wizard.
Before that, ping the IP address of the “eth0” interface to check communication.
Log in with the default credentials, username : admin | password : admin, and click “Login”.

STEP 10: Verify the IP address of Gateway1.

STEP 11: Verify the IP address of Gateway 2.

STEP 12: Assign DNS address to Gateway1.
NOTE : I am using Google DNS

STEP 13: Assign DNS address to Gateway2
NOTE : I am using Google DNS

STEP 14: Select “Security Gateway and/or Security Management” in Gateway1.
Click “Next”.

STEP 15: Select “Security Gateway and/or Security Management” in Gateway2.
Click “Next”.

STEP 16: Unmark “Security Management” in Gateway1. (IMP)
Select “Unit is part of a cluster type” as “ClusterXL”.
Mark “Automatically download Blade contracts and other important data (highly recommended)”.
NOTE: “Unit is part of a cluster type” is optional. If you do not select it during the First Time Configuration Wizard, you can still configure the cluster, but it is easier if you select it during the First Time Configuration Wizard.

STEP 17: Unmark “Security Management” in Gateway1. (IMP)
Select “Unit is part of a cluster type” as “ClusterXL”.
Mark “Automatically download Blade contracts and other important data (highly recommended)”.
NOTE: “Unit is part of a cluster type” is optional. If you do not select it during the First Time Configuration Wizard, you can still configure the cluster, but it is easier if you select it during the First Time Configuration Wizard.

STEP 18: Set a Secure Internal Communication (SIC) key for Gateway1. This key is required when establishing SIC between the Security Management Server and the Security Gateway, so make sure to note it.

STEP 19: Set a Secure Internal Communication (SIC) key for Gateway2. This key is required when establishing SIC between the Security Management Server and the Security Gateway, so make sure to note it.

STEP 20: Set an Expert password for Gateway1.
Command : Clish>set expert-password (then press Enter to set the password for Expert mode)

STEP 21: Set an Expert password for Gateway2.
Command : Clish>set expert-password (then press Enter to set the password for Expert mode)

STEP 22: Assign the IP addresses for the remaining Sync interface “eth1” (VMnet2:1.1.1.0/24) and external interface “eth2” (VMnet0:172.16.100.0/24).
eth0 : 1.1.1.2/24 and eth1:172.16.100.121/24
Command : Clish>set interface eth1 ipv4-address 1.1.1.2 mask-length 24
Clish>set interface eth2 ipv4-address 172.16.100.121 mask-length 24
NOTE : You can also assign the IP addresses through the GAIA WebUI (GAIA Portal).

STEP 23: Set the state of interfaces “eth1” and “eth2” to on.
Command : Clish_SG1>set interface eth1 state on
Clish_SG1>set interface eth2 state on

STEP 24: Likewise, assign the IP addresses for the Sync interface, which is “eth1” (VMnet2:1.1.1.0/24), and the external interface, which is “eth2” (VMnet0:172.16.100.0/24).
Assign IP addresses as: eth0 : 1.1.1.3/24 and eth1:172.16.100.122/24
Open the GAIA WebUI of Gateway2 --> Network Interface --> mark “Enable” to bring the interface up and assign the IP address with subnet mask.

STEP 25: Verify the IP address and interface status.

STEP 26: Assign IP address to the External Interface “eth2”.

STEP 27: Verify the Interface status with IP address.

STEP 28: Now power on the Management Server if it is not already running.
We have already configured the Management Server with IP : 192.168.1.10/24.

STEP 29: Open SmartConsole by entering the Management Server IP address and the login credentials.

SmartConsole opens successfully.

STEP 30: Now create the cluster; for that you need to create a Cluster object.
Location : SmartConsole --> *New --> Network Object --> Gateway and Server --> Cluster --> Cluster…

STEP 31: Click “Wizard Mode”.
Note : You can also choose Classic Mode to configure, but I like Wizard Mode.

STEP 32: Cluster Name : CLUSTER (Any Name)
Cluster IPv4 Address : 192.168.1.5 (Assign the Virtual IP Address)
Select “High Availability”, i.e. Active/Standby (100%/0%).
Click on “Next”.
NOTE : You can also select “Load Sharing” (50%/50% and 70%/30%), but it is not yet supported in R80.20/R80.30, so if you need it you must install the specific hotfix. In R80.40 it is already included, but please also check the limitations when using Load Sharing in R80.40.

STEP 33: Add the cluster gateway members: select Add --> “New Cluster Member”.
“Add Existing Gateway” is for when you already have a gateway object; for example, I have a gateway named “SG”. But here I need to add the new security gateways that I already configured.

STEP 34: Adding Gateway1.
Name : SG1
IPv4 Address : 192.168.1.2 (eth0 interface IP address)
Activation Key : **** (Enter the SIC key that you set during the First Time Configuration Wizard).
Confirm Activation Key : **** (Enter the key again)
Click “Initialize”.

SIC is established successfully, showing “Trust established”.
NOTE : In case SIC fails, you can recreate SIC by connecting to the security gateway over SSH and running the “cpconfig” utility to reset SIC.

STEP 35: Verify that the Security Gateway has been added.
It shows the gateway name (SG1) with its IP address and SIC status (Trust established).

STEP 36: Add Gateway2.
Name : SG2
IPv4 Address : 192.168.1.3 (eth0 interface IP address)
Activation Key : **** (Enter the SIC key that you set during the First Time Configuration Wizard).
Confirm Activation Key : **** (Enter the key again)
Click “Initialize”.

STEP 37: Verify that the Security Gateway has been added.
It shows the gateway name (SG2) with its IP address and SIC status (Trust established).
NOTE : In case SIC fails, you can recreate SIC by connecting to the security gateway over SSH and running the “cpconfig” utility to reset SIC.

STEP 38: Click “Next”

STEP 39: Click “Next” to configure the topology of the cluster.

STEP 40: Enter the External Virtual IP Address : eth2 : 172.16.100.125 | Net Mask : 255.255.255.0
Click “Next”.
NOTE : The IPv4 Network Address 172.16.100.0 is filled in automatically because we already defined that IP address.

STEP 41: Select the option “Cluster Synchronization” as “Primary” because the IPv4 Network Address shows the 1.1.1.0/24 network.
Click “Next”.

STEP 42: Enter the Internal Virtual IP Address : eth2 : 192.168.1.5 | Net Mask : 255.255.255.0
Click “Next”.
NOTE : The IPv4 Network Address 192.168.1.0 is filled in automatically because I already defined that IP address.

STEP 43: Select “Edit Cluster’s Properties” and click “Finish”.

STEP 44: The General Properties of the cluster are shown.
Make sure that only the Firewall blade is enabled; if another blade such as “IPSec VPN” is enabled, unselect it.

STEP 45: Check the Cluster Members; you should be able to see both gateway objects.
Location : Cluster --> Properties --> Cluster Member

STEP 46: We configure High Availability as ClusterXL (Active/Standby).
Select “Maintain current active Cluster Member” (No Priority).
Location : Cluster --> Properties --> ClusterXL and VRRP

The IP addresses are shown but the interface names are not, because we have not fetched the topology yet.
Location : Cluster --> Properties --> Network Management

STEP 47: Select “Get interface with Topology” to fetch the topology.
NOTE : If you select “Get interface with Topology”, Anti-Spoofing mode is set to Prevent on all interfaces, which is also recommended.
You can also select “Get interface without Topology”, but then Anti-Spoofing will not work, which is a security risk.
Don’t select the “Get interface with Topology” option in production.

STEP 48: When you select “Get interface with Topology”, a pop-up appears; select “Yes”.

STEP 49: Policy is fetched successfully.

STEP 50: Click the eth0 interface and check the Anti-Spoofing setting. It should be Prevent & Log.
It shows Network Type : Cluster with the cluster members’ IP addresses.
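Why fetching interfaces with topology matters for Anti-Spoofing can be shown with a small model. This is an added example, not Check Point code and not part of the original post: it is a simplified simulation that assumes eth0 and eth1 lead to their own /24 and eth2 is external, and the sample packets are constructed.

```python
import ipaddress

# Simplified model of the topology fetched for this page's cluster.
# "external" means: leads to everything that is not behind another interface.
TOPOLOGY = {
    "eth0": {"leads_to": ["192.168.1.0/24"], "mode": "prevent"},  # internal
    "eth1": {"leads_to": ["1.1.1.0/24"], "mode": "prevent"},      # sync
    "eth2": {"leads_to": "external", "mode": "prevent"},          # external
}
# Same interfaces fetched without topology: no per-interface source check.
NO_TOPOLOGY = {name: dict(cfg, mode="off") for name, cfg in TOPOLOGY.items()}


def networks_behind(topology, skip=None):
    """Networks defined behind every non-external interface except `skip`."""
    return [ipaddress.ip_network(net)
            for name, cfg in topology.items()
            if name != skip and cfg["leads_to"] != "external"
            for net in cfg["leads_to"]]


def antispoof_verdict(topology, in_iface, src_ip):
    """Return (action, reason) for a packet from src_ip arriving on in_iface."""
    cfg = topology[in_iface]
    if cfg["mode"] == "off":
        return ("accept", "no topology, source address not checked")
    src = ipaddress.ip_address(src_ip)
    if cfg["leads_to"] == "external":
        # Spoofed if it claims an address that lives behind another interface.
        spoofed = any(src in net for net in networks_behind(topology, in_iface))
    else:
        # Spoofed if it is not one of the networks defined behind this interface.
        spoofed = not any(src in ipaddress.ip_network(n) for n in cfg["leads_to"])
    if not spoofed:
        return ("accept", "source matches interface topology")
    return ("drop", "spoofed source, prevent and log")


if __name__ == "__main__":
    samples = [("eth0", "192.168.1.50"), ("eth2", "192.168.1.50"), ("eth0", "8.8.8.8")]
    for iface, src in samples:  # constructed sample packets
        print(iface, src, antispoof_verdict(TOPOLOGY, iface, src),
              antispoof_verdict(NO_TOPOLOGY, iface, src))
```

With topology, a packet arriving on eth2 that claims an internal 192.168.1.x source is dropped; without topology the same packet passes the source check, which is the risk the NOTE in STEP 47 describes.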
Source : checkpointengineer.com


