cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Danny
Pearl

New! R80.30 feature: Management Data Plane Separation (for gateways with 8+ cores)

rs1810300033.png

I really like the all new R80.30 feature for separating management from data traffic via

  • Routing Separation and
  • Resource Separation

as described in sk138672.

 

Did anyone test this already?

12 Replies
Jerry
Gold

Re: New! R80.30 feature: Management Data Plane Separation

it is about time! finally arrived.
will test it soon and report back 🙂
Jerry
0 Kudos

Re: New! R80.30 feature: Management Data Plane Separation

About time!  This is a long over due feature!

0 Kudos

Re: New! R80.30 feature: Management Data Plane Separation

"Use of logical interfaces is not suppoted on management interface (Alias, Bridge, VPN Tunnel, 6in4 Tunnel, PPPoE, Bond, VLAN)"

1. It is a pity. Showstopper for us.
2. There is typo (suppoted  -> supported).

Kind regards,
Jozko Mrkvicka

Re: New! R80.30 feature: Management Data Plane Separation

Very interesting information.

I will test it tomorrow in our LAB:-)

Thank you!

Highlighted

Re: New! R80.30 feature: Management Data Plane Separation

With Resource Separation the cpu load should not rise when installing the policy. Is that correct?

mng.PNG

 

Re: New! R80.30 feature: Management Data Plane Separation

Hi Dameon,

Do I need a license for the management instance or lose a core license?

Regards

Heiko

Admin
Admin

Re: New! R80.30 feature: Management Data Plane Separation

I assume this dedicated CPU core is treated like any other core: you need a license for it. A minimum of 8 CPU cores are required to use this feature, which means your Open Server license must be for at least 8 cores. Beyond that, no special licensing requirements.
Vladimir
Pearl

Re: New! R80.30 feature: Management Data Plane Separation

So anything below 5900 will not be able to take advantage of it...

0 Kudos
Admin
Admin

Re: New! R80.30 feature: Management Data Plane Separation

Sounds about right.
0 Kudos
Vladimir
Pearl

Re: New! R80.30 feature: Management Data Plane Separation

Danny, you may want to change the heading by adding "for gateways with 8 or more cores".

Otherwise it leads to unwarranted euphoria 🙂

Danny
Pearl

Re: New! R80.30 feature: Management Data Plane Separation

Added.

Re: New! R80.30 feature: Management Data Plane Separation (for gateways with 8+ cores)

I do have a concern about the best practices from the article:  https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

"Connectivity to the LDAP and similar servers from the Gateway should be done via the Data Plane."

 

I've always been told that only the management/control plane of a security gateway should be making or allowing connections to the device.  The data plane should not allow or make connections, it should only play the role of traffic cop. 

What is everyone's thoughts on this?

0 Kudos