Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

Checkpoint Gateway and Management (80.20 GA) on ESXi same VM

Since it is hard to get HP 360 Gen9 nowadays, especially in desired configuration,  and new kernel 3.10 comes only for Gateways without Management

GAIA-3372This version only supports the Security Gateway. Security Management and Standalone are not supported. 

 

 I am considering to use HP 360 Gen10, Install  ESXi 6.7 and create there VM for checkpoint (planing to use R80.20 GA)

it will be a dedicated host, only for checkpoint

Is it supported (officially) to run Gateway and Management  ( together on the same VM) as an virtual machine on ESXi host in production.

 

0 Kudos
Reply
8 Replies
Highlighted
Advisor

Is there any specific reason why you wouldn't want to stick with a distributed deployment and deploy two VMs on the same host?

R80 CCSA / CCSE
0 Kudos
Reply
Highlighted
Participant

yes, there is a reason

I have license that contains Management and Gateway all together

CPSG-P202-CPSM-P303-F Security Bundle - P102 and P303
 
so I can't separate Management and Gateway
 
 

 

0 Kudos
Reply
Highlighted
Admin
Admin

With a two core gateway license (especially in “standalone” mode), you’re not making full use of any modern hardware nor are you able to leverage any of the newer product features. I’d strongly consider trading that in.
0 Kudos
Reply
Highlighted
Participant

I will look into changing to a new version of licensing

But even if I separate them as I guess I will get no more then 2 core gateway license 

And even in standalone mode gateway can use 2 Cores and Management the rest of the cores isn't that right?

But yes I wouldn't be able to use the full number of core on server , but wat can I do - 2 Cores are enough for me

Checkpoint didn't make it easy to convert license from one type to other like any other vendors do,

but you need to trade it and basically buy new ones as I understood

 

0 Kudos
Reply
Highlighted
Admin
Admin

Management licenses aren't restricted to the number of cores when deployed in a distributed fashion. In a standalone fashion, you probably will be, but not 100% sure. It's possible Account Services will allow splitting the license.

Converting a license to a more modern SKU does require purchasing new licenses, but you get trade-in credit for the older license you already purchased.
0 Kudos
Reply
Highlighted
Champion
Champion

I'm pretty sure the SMS/management functions are not limited by license as to the number of cores that can be utilized, even in a standalone setup.  The gateway portion will be limited to 2 cores and will have the default 2/2 split between SND/IRQ and Firewall Workers.  Can pretty much guarantee performance will be terrible with this 2-core standalone setup in anything but a lab environment.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
Highlighted
Participant

Why is that?

Now with such standalone implementation on R77.30 I have no performance issue

something will change moving to R80.20 (or R80.30) ?

I have only 200Mbit/s throughput in one direction

 

0 Kudos
Reply
Highlighted
Champion
Champion

As written in my post for Gaia R80.30 with 3.10 Kernel brings back support for standalone deployments because R80.20 doesn't support it.

0 Kudos
Reply