5. Check Point Maestro Frequently Asked Questions (FAQ)



We have already published 4 articles (1, 2, 3 and 4) on Check Point Maestro, where we described in some detail the purpose of this product and various scenarios for using it. As a result, we are asked about this solution very often, and most people ask the same questions. So we decided to put together a short list of frequently asked questions - a FAQ. We hope it saves someone time.

First of all, it is worth noting that there is an official sk147853 - Maestro Frequently Asked Questions (FAQs), where everything is covered in considerable detail. It is the main resource and is definitely worth using. Here we give our own top questions, with our not so concise comments.

Frequently Asked Questions about Check Point Maestro


1) Is Maestro a new technology? Is it too early to buy? Surely it has a lot of bugs.


Check Point's technology for load balancing between gateways has existed for more than 10 years. Remember the 44000/64000 chassis solutions. Maestro is to some extent a reincarnation of the same technology, but in a new format - you no longer need bulky and expensive chassis. You can buy only the gateways you need, and only in the quantity you need. In effect, Maestro lowers the financial entry threshold for scalable solutions, and it also eliminates the disadvantages of traditional chassis models (up to 31 devices can now be combined into a cluster).

2) There are ordinary load balancers. What is the advantage of Maestro?


A separate balancer is one more device that you have to know how to manage. In addition, it does not make it any easier to administer the gateways among which the load is shared. Each one has to be administered separately (especially when adding devices). With Maestro, even a cleaning lady could handle the task of scaling. During initial setup you create a Security Group (essentially a cluster of several gateways), after which adding a gateway comes down to connecting 1-2 cables to the orchestrator (which is also the balancer) and dragging the gateway object into the Security Group in the graphical interface. That's all. The settings are pulled automatically (even the necessary patches), and the gateway immediately begins processing traffic along with the other gateways in the group.
Another plus of the orchestrator is that it costs less than classical balancers, including in annual cost of ownership.

3) Is Maestro for large businesses only?


I have already partially answered this question in the previous point. Maestro has simply lowered the entry threshold for scalable solutions many times over. The minimum gateway model that supports working with the orchestrator is the 5600. In the near future, support will be added for another inexpensive gateway from the new series - the 6200. I described the advantages of Check Point Maestro over a classic cluster earlier. Even companies with 500-1000 employees can seriously consider this option.

4) Can I use the orchestrator's ports like the ports of a regular switch? For example, to connect my servers.


Here the answer is short - NO. The orchestrator's ports are designed only for connecting gateways and for connecting to the customer's corporate network and the Internet.

5) Can I configure a SPAN port on the orchestrator?


No, and there would be no point in doing so. The orchestrator still connects to regular switches, and SPAN is configured there.

6) What is the maximum cable length for connecting gateways to the orchestrator?


Up to 200 meters via Short Range Transceivers. This means you can place gateways in different rooms of the same premises.

7) Does connecting the orchestrator consume a license on the management server?


No. The orchestrator is not administered from the management server at all. Moreover, all gateways of one Security Group (essentially a cluster) are seen by the management server as one. Yes, 31 gateways in one Security Group will be displayed as a single object. This is a pretty substantial saving on management server licensing.

8) How much does the performance of the uplinks connected to the orchestrator drop?


The performance drop is minimal - 1%. This does not compare with the losses you get when using gateways in the classic load sharing mode (especially if there are more than 4 of them in the cluster).

9) Are there Check Point Maestro training courses?


Yes, now there are. There are certified training centers with real hardware (the orchestrator cannot be virtualized) and certified trainers. You can even take an exam and get a certificate like this:



Conclusion


If you still have questions, feel free to ask them in the comments or email us. Stay tuned (Telegram, Facebook, VK, TS Solution Blog)!
