Following my post on Check Point CCSA Exam notes, in this post I’m gonna write notes on CCSE exam. Though this time I won’t fall into configuration and try to only point out the more important and real-world-applicable things.
Management Server HA
- When adding a new Check Point host as a Secondary Management Server, do not Initialize SIC before selecting Network Policy Management feature!
- After adding the host, save and Install the policy; synchronization will then work.
As a reminder, whenever you reset the SIC for a Gateway from Management Server, it should be re-initialized from the Gateway by cpconfig; don’t forget to exit cpconfig!
Check Point calls its clustering solution ClusterXL which supports up to 8 Cluster members and can be implemented in two main flavors:
- Multicast mode: 50/50, very efficient and excellent performance
- Unicast mode: 70/30, to be used in environments where an intermediate device has issues with multicast MAC address (IGMP Snooping)
Expert@GAiA-2:0]# cphaprob state Cluster Mode: Load Sharing (Unicast) with IGMP Membership Number Unique Address Assigned Load State 1 192.168.0.101 30% Active (pivot) 2 (local) 192.168.0.102 70% Active
- High Availability (HA)
- New Mode: Each member has its own physical IP address
- Legacy Mode: Both members have the same physical IP address
To make kernel changes permanent, they should be written in $FWDIR/modules/fwkern.conf