This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Anatoly
Employee
Employee
‎2021-07-13 02:03 AM
Jump to solution

Automated and scalable data center operations with Maestro -Interview with Scalable Platforms Expert

Interview with Check Point’s security platforms expert.

Take a look at the new Maestro Hyperscale Orchestrator Automated and scalable data center operations with Maestro - world’s #1 Hyperscale security solution, presented my Michael Greenberg and myself.

Maestro combines the performance of 52 gateways on demand delivering up to 1.5 Tbps of threat prevention performance.

3 Solutions

Accepted Solutions
delToro1
Contributor
‎2023-08-22 12:19 AM
In response to Ricki_Juntak
Jump to solution

Hi @Ricki_Juntak , if you use g_tcpdump , you can check what SGM into the SG is processing the traffic.

 

g_tcpdump.png

Regards!

 

View solution in original post

0 Kudos
(1)
Wolfgang
Authority
Authority
‎2023-08-22 12:46 AM
In response to delToro1
Jump to solution

additional to @Ricki_Juntak comment you can see in the logs which SGM is proccessing the traffic.

2023-08-22 09_41_03.png

View solution in original post

0 Kudos
(1)
Sven_Glock
Advisor
‎2023-08-22 12:25 PM
In response to Wolfgang
Jump to solution

Additionally a nice tool to understand which packet arrives on with sgm is dxl calc:

dxl calc
Usage: dxl calc <src ip> <dst ip> <Distribution Mode/Interface Name>

Distribution Mode:
0 - General, a source and destination IP based distribution.
1 - User, a destination IP based distribution.
2 - Network, a source IP based distribution.

[Expert@maestro-ch01-01:0]# dxl calc 1.1.1.1 2.2.2.2 2
<1.1.1.1,2.2.2.2,src_based,181>
Chassis 1: Blade(s):1_05,1_07

View solution in original post

(1)
7 Replies
Ricki_Juntak
Participant
‎2023-08-21 11:06 PM
Jump to solution

Hi Anatoly,

 

can you share to me, how can I make sure some traffic processing by SGM1 or SGM2.

for example we have 2 SGM's in one Security Group, the distribute traffic to SGM's is used one active SGM to inspect traffic and another one is for backup right?

and how flow log can go to SMS  cause the only one member will be SMO (this is SGM1) but traffic inspect by SGM2, any delay for log send to SMS?

 

 

Regards,

Ricki

0 Kudos
Wolfgang
Authority
Authority
‎2023-08-21 11:27 PM
In response to Ricki_Juntak
Jump to solution

@Ricki_Juntak Maestro does not work like ClusterXL. All SGMs are active and proccesing traffic. Have a look at this nice presentation to understand how it works.

Maestro Under The Hood with Lari Luoma 

0 Kudos
Ricki_Juntak
Participant
‎2023-08-22 12:04 AM
In response to Wolfgang
Jump to solution

 

Hi Wolfgang, I mean like on this table below:

SGM1SGM2SGM3
Active 1.1.1.1:234->2.2.2.1:80Backup 1.1.1.1:234->2.2.2.1:80 
Backup 1.1.1.10:2211->2.2.2.20:22 Active 1.1.1.10:2211->2.2.2.20:22

 

the Hypersync, so how we know the traffic inspect active by SGM1 or SGM2 or SGM3

0 Kudos
delToro1
Contributor
‎2023-08-22 12:19 AM
In response to Ricki_Juntak
Jump to solution

Hi @Ricki_Juntak , if you use g_tcpdump , you can check what SGM into the SG is processing the traffic.

 

g_tcpdump.png

Regards!

 

0 Kudos
(1)
Wolfgang
Authority
Authority
‎2023-08-22 12:46 AM
In response to delToro1
Jump to solution

additional to @Ricki_Juntak comment you can see in the logs which SGM is proccessing the traffic.

2023-08-22 09_41_03.png

0 Kudos
(1)
Sven_Glock
Advisor
‎2023-08-22 12:25 PM
In response to Wolfgang
Jump to solution

Additionally a nice tool to understand which packet arrives on with sgm is dxl calc:

dxl calc
Usage: dxl calc <src ip> <dst ip> <Distribution Mode/Interface Name>

Distribution Mode:
0 - General, a source and destination IP based distribution.
1 - User, a destination IP based distribution.
2 - Network, a source IP based distribution.

[Expert@maestro-ch01-01:0]# dxl calc 1.1.1.1 2.2.2.2 2
<1.1.1.1,2.2.2.2,src_based,181>
Chassis 1: Blade(s):1_05,1_07

(1)
Ricki_Juntak
Participant
‎2023-08-22 07:56 PM
In response to Sven_Glock
Jump to solution

Thank you Wolfgang, delToro1, Sven_Glock

another my question is about any delay send log from SGM active (inspect the traffic) to the SMS?

in my experience filter log from SMS (log monitor) log not show from some traffic (need more time to see log on SMS), there is cause traffic not inspect by the SMO?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events