Wednesday, July 10, 2024

Building a Checkpoint Firewall Cluster (Checklist)

 

Checklist to Build Cluster
1. Checkpoint Version R81.20
2. Checkpoint JumboHotFix JHF65 (or latest Checkpoint GA)
3. Hostname
4. DNS/NTP
5. Routes: Static/OSPF/Default Route/Route distribution
6. Add to Infoblox or your DNS server 
7. Interface Speed/Duplex
8. Integration with Cisco TACACS or authentication server
9. RSA Seed files if integration is needed for VPN
10. Serial Connection to Term Server
11. Monitoring
   a. Add to SolarWinds
   b. Add to Indeni
12. Configure Firewall backup on Indeni  
13. Add to Firewall Management Servers
14. Apply Checkpoint License
15. Verify 
   a. Logs on Logger
   b. Policy is applied with software blades IPS/Identity Awareness
16. Configure Out-of-band LOM 



Special Configurations
1. Fix provided by CP for the talk path issue
cd /opt/CPsuite-R81.20/fw1/boot/modules/
vi fwkern.conf
Add the line:
fwmultik_dispatcher_in_tap_mode=1

2. The core 0 CPU fix
cd /opt/CPsuite-R81.20/fw1/boot/modules/
vi fwkern.conf
Add the line:
fwmultik_sync_processing_enabled=0


Ref: https://support.checkpoint.com/results/sk/sk165853
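The two fwkern.conf edits above can be applied the same way on every cluster member with a small script. This is an added example, not part of the original post and not Check Point's own tooling; the function names, the FWKERN_CONF override and the backup naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotently set key=value lines in fwkern.conf.
# Default path is the one given in the post; override FWKERN_CONF to test elsewhere.
FWKERN_CONF="${FWKERN_CONF:-/opt/CPsuite-R81.20/fw1/boot/modules/fwkern.conf}"

# set_kernel_param KEY VALUE -> prints "unchanged", "updated" or "added".
set_kernel_param() {
    key="$1"; value="$2"; file="$FWKERN_CONF"
    # Accept only an identifier and an integer, as in the post's two settings.
    case "$key" in ''|*[!A-Za-z0-9_]*) echo "invalid key: $key" >&2; return 1 ;; esac
    case "$value" in ''|*[!0-9]*) echo "invalid value: $value" >&2; return 1 ;; esac
    # Create the file if it is missing.
    if [ ! -f "$file" ]; then : > "$file" || return 1; fi
    # Nothing to do when exactly one line for KEY exists and it already matches.
    if grep -qx "${key}=${value}" "$file" &&
       [ "$(grep -c "^${key}=" "$file")" -eq 1 ]; then
        echo unchanged; return 0
    fi
    if grep -q "^${key}=" "$file"; then status=updated; else status=added; fi
    # Keep a timestamped copy of the file as it was before this change.
    bak="${file}.$(date +%Y%m%d%H%M%S).bak"
    if [ ! -f "$bak" ]; then cp -p "$file" "$bak" || return 1; fi
    tmp="${file}.tmp.$$"
    # Rewrite: first line for KEY becomes KEY=VALUE, duplicates are dropped,
    # every other line is kept; KEY=VALUE is appended if it was absent.
    awk -v k="$key" -v v="$value" '
        index($0, k "=") == 1 { if (!done) { print k "=" v; done = 1 }; next }
        { print }
        END { if (!done) print k "=" v }' "$file" > "$tmp" || return 1
    # Write through the original inode so owner and mode are preserved.
    cat "$tmp" > "$file" || return 1
    rm -f "$tmp"
    echo "$status"
}

# The two settings from "Special Configurations" above.
apply_post_settings() {
    set_kernel_param fwmultik_dispatcher_in_tap_mode 1 &&
    set_kernel_param fwmultik_sync_processing_enabled 0
}

# Run with --apply on the gateway; without it the file only defines functions.
if [ "${1:-}" = "--apply" ]; then apply_post_settings; fi
```

fwkern.conf is read at boot, so the new values take effect after the member is rebooted.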


