Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

Maestro Vs Chassis

Hello there, I just want to know which one of those you guys recommend. I know there are a lot of differences but I want to focus my questions in three points.

  1. Hardware
    1. Consumption
    2. Space on rack
  2. Software
    1. Which one of those has a better performance when it has SSL inspection
    2. Clustering
    3. VSLS
    4. VSX
  3. Administration

thanks,

0 Kudos
Reply
8 Replies
Highlighted
Admin
Admin

Not much different for pp. 2 and 3. Same software, same administration processes, same SMO approach. Very close clustering, since both are running same CXL code.

Now, for consumption, depending on the chassis, you can have either 1/3 or 1/2 of the rack always used per chassis. With Maestro, you have 2U for Maestro appliance, and them depending on GW appliances used, you are very flexible. 

Maestro approach surpasses chassis in terms of capacity and throughput, and also more economical for a lower end configuration. Also, capabilities fo using different HW in the mix for Maestro gives you much more flexibility.

Highlighted
Participant

Hello _Val_, thank you for your answer. I can see in your answer Maestro looks better than CHK Chassis according to my view points.

 

Best regards,

Highlighted
Authority
Authority

I have posted couple of months ago that we were quite happy to say goodbye to our 41k in favour of 26800T. No regrets whatsoever.

SP software always had limitations and were behind feature wise from main train.

You need administrators that are experienced with asg command set. We lost few along the way and were not able to replace them

Troubleshooting can get messy and time consuming when flow correction uses two SGM blades. We had some really crazy cases when connections got cleared from one SGM but not other eventually exhausting connections table

We wanted to use VR in VSX that's not supported in SP.

Apart from that it run ok-ish 🙂 I'm sure a lot has improved since we bailed out on R76SP50

 

Highlighted
Champion
Champion

I know that for very specific situations, the only option is chassis, as there is a certain certification for it thaty is not there for Maestro setups.

That said the flexibility and expand-ability of the Maestro setup is way better than with a Chassis. You can choose your appliance that you want to put behind it and the number can go as high as 52 appliances. And they do not even need to be all the same, just the same models in a Security group.

On top of that I know the focus on the product within Check point is reasonably high at the moment to get everything going in the right way and issues are taken care of quite quickly and moved into Jumbo's.

Regards, Maarten
Highlighted
Participant

Hello Kaspars_Zibarts, I really appreciate your experience with both environment, I have read a lot of posts where people recommend Maestro over Chassis. An important point to consider for me it's Maestro does not support VSLS. It's important for me because I currently have configured VSLS on my 41k. accord of other points, I do understand Maestro is totally better than Chassis.

thanks,

0 Kudos
Reply
Highlighted
Employee++
Employee++

Maestro is more flexible and more scalable, so in most cases I would use Maestro. However, as @Maarten_Sjouw mentioned there are certain cases (especially in tele operator world) where a special hardware certification is needed. In those cases chassis is the only option.

1. Hardware
Depends on the number of appliances you have in Maestro if it takes more or less space than chassis, but chassis always takes the same number of rack-units.

2. Software

Not sure about the SSL inspection performance, but would assume Maestro is better as you can have more powerful appliances.
Clustering, VSLS and VSX are the same on both.

3. Administration is through the single management object on both and most CLI commands also work on both.

Highlighted
Participant

Hello , thank you for your answer. I am wondering if VSLS is supported on Maestro, I'm not sure, I read a release note that indicates VSLS isn't supported on Maestro. Do you know something different?

thanks,

0 Kudos
Reply
Highlighted
Employee++
Employee++

SK147853:

Which clustering modes are supported in dual-site?

Currently, the supported clustering modes in dual-site are SGW active-standby mode, VSX active-standby mode, and VSLS. These modes are per Security Group and can be different for each one. Example: Security Group 1 can be active on site A while the standby is on site B; Security Group 2 can be active on site B and standby on site A.
0 Kudos
Reply