User guide

Sample Implementation on Two Gateways

290 Check Point Safe@Office User Guide

The procedure below shows how to configure HA for both the LAN and DMZ networks.

The synchronization interface is the DMZ network, the LAN virtual IP address is

192.168.100.3, and the DMZ virtual IP address is 192.168.101.3. Gateway A is the Active

Gateway.

To configure HA for Gateway A and Gateway B

1. Connect the LAN port of Gateways A and B to hub 1.

2. Connect the DMZ port of Gateways A and B to hub 2.

3. Connect the LAN network computers of Gateways A and B to hub 1.

4. Connect the DMZ network computers of Gateways A and B to hub 2.

5. Do the following on Gateway A:

a. Set the gateway's internal IP addresses and network range to the values

specified in the table above.

See Changing IP Addresses on page 198.

b. Click Setup in the main menu, and click the High Availability tab.

The High Availability page appears.

c. Select the Gateway High Availability check box.

The Gateway High Availability area is enabled. The LAN and DMZ networks are

listed.

d. Next to LAN, select the HA check box.

e. In the LAN network's Virtual IP field, type the default gateway IP address

192.168.100.3.

f. Next to DMZ, select the HA check box.

g. In the DMZ network's Virtual IP field, type the default gateway IP address

192.168.101.3.

h. Click the Synchronization radio button next to DMZ.

i. In the My Priority field, type "100".

The high priority means that Gateway A will be the Active Gateway.

j. In the Internet - Primary field, type "20".

Gateway A will reduce its priority by 20, if its primary Internet connection goes

down.

k. In the Internet - Secondary field, type "30".