• There is a Check Point R77 firewall with two clusters.
• Cluster 1 has a physical IP address of x.x.x.101.
• Cluster 2 has a physical IP address of x.x.x.102.
• Cluster 1 and Cluster 2 are a member IPs of the virtual IP address x.x.x.100.

Activity Key: Lookup Authentication agent 
Description: Lookup authentication agent by IP address "x.x.x.101" 
Reason: Authentication agent not found

1. In the Security Console, select Access > Authentication Agents > Add New (or Manage Existing, as the case may be). 
2. Create (or modify) an agent using the virtual IP address in IPv4 format in the Authentication Agent Basics section.
3. Click Save when done.
4. On the Cluster 1 agent machine, open a text editor and create a file named sdopts.rec.
5. In the file add the following entry using the IPv4 virtual IP address, as in the example here:

CLIENT_IP=<virtual IP address>

CLIENT_IP=10.100.100.100

6. ave and close the file.  A restart of the agent is not required.
7. Test authentication against Cluster 1.
8. Authentication should be successful and the node secret file named securid will be created in the agent directory (/var/ace/ by default)
9. Copy the following files:  sdconf.rec, sdopts.rec and securid to standby firewall (Cluster 2) 
10. This should enable the standby to take authentication requests when it becomes active.