https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129812#M19047 <P>MDPS is meant to be configured on a gateway talking to a management server on a different system.<BR />This is why processes that are obviously only on a management server (specifically cpm and fwm) are not part of MDPS.<BR />Whether they can be included is, perhaps, a separate question.</P> Mon, 20 Sep 2021 21:23:25 GMT PhoneBoy 2021-09-20T21:23:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129803#M19037 <P>Hello,</P><P>I am deploying a 6200P NGTX standalone appliance (management + gateway, no HA). Does anyone know if this supports the Management Data Plane Separation configuration that is outlined in sk138672?</P><P>I have a ticket with support regarding this question but they haven't been able to provide an answer.</P><P>I deployed the appliance and enabled the configuration but I was unable to connect via Smart Console (the web interface and SSH access worked as expected). The management plane task list didn't show the fwm and cpm/java TCP ports 18190 and 19009, which didn't seem right.</P><P>Thanks!</P> Mon, 20 Sep 2021 17:18:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129803#M19037 quatloo 2021-09-20T17:18:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129812#M19047 <P>MDPS is meant to be configured on a gateway talking to a management server on a different system.<BR />This is why processes that are obviously only on a management server (specifically cpm and fwm) are not part of MDPS.<BR />Whether they can be included is, perhaps, a separate question.</P> Mon, 20 Sep 2021 21:23:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129812#M19047 PhoneBoy 2021-09-20T21:23:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129815#M19048 <P>Thanks for your reply.&nbsp; Yes, that makes sense.&nbsp; I think I have strayed from a typical deployment scenario which is why tech support can't say whether it is a supported configuration.&nbsp; In any case, the take home message is to refrain from enabling MDPS if you are running a stand-alone appliance as it will break the ability to manage the system with Smart Console (at least in my hands).</P> Mon, 20 Sep 2021 23:25:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129815#M19048 quatloo 2021-09-20T23:25:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129816#M19049 <P>There's certainly no clear statement saying it is or it isn't, thus why TAC can't say for certain.<BR />However, based on what things the feature enables by default, I feel pretty confident in saying a standalone gateway was not the intended use case for MDPS.</P> Mon, 20 Sep 2021 23:35:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Data-and-Management-Plane-separation-on-6200P-NGTX-standalone/m-p/129816#M19049 PhoneBoy 2021-09-20T23:35:51Z