Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Anatoly
Employee
Employee
Jump to solution

Automated and scalable data center operations with Maestro -Interview with Scalable Platforms Expert

Interview with Check Point’s security platforms expert.

Take a look at the new Maestro Hyperscale Orchestrator Automated and scalable data center operations with Maestro - world’s #1 Hyperscale security solution, presented my Michael Greenberg and myself.

Maestro combines the performance of 52 gateways on demand delivering up to 1.5 Tbps of threat prevention performance.

3 Solutions

Accepted Solutions
delToro1
Contributor

Hi @Ricki_Juntak , if you use g_tcpdump , you can check what SGM into the SG is processing the traffic.

 

g_tcpdump.png

Regards!

 

View solution in original post

0 Kudos
(1)
Wolfgang
Authority
Authority

additional to @Ricki_Juntak comment you can see in the logs which SGM is proccessing the traffic.

2023-08-22 09_41_03.png

View solution in original post

0 Kudos
(1)
Sven_Glock
Advisor

Additionally a nice tool to understand which packet arrives on with sgm is dxl calc:

dxl calc
Usage: dxl calc <src ip> <dst ip> <Distribution Mode/Interface Name>

Distribution Mode:
0 - General, a source and destination IP based distribution.
1 - User, a destination IP based distribution.
2 - Network, a source IP based distribution.

[Expert@maestro-ch01-01:0]# dxl calc 1.1.1.1 2.2.2.2 2
<1.1.1.1,2.2.2.2,src_based,181>
Chassis 1: Blade(s):1_05,1_07

View solution in original post

(1)
7 Replies
Ricki_Juntak
Explorer

Hi Anatoly,

 

can you share to me, how can I make sure some traffic processing by SGM1 or SGM2.

for example we have 2 SGM's in one Security Group, the distribute traffic to SGM's is used one active SGM to inspect traffic and another one is for backup right?

and how flow log can go to SMS  cause the only one member will be SMO (this is SGM1) but traffic inspect by SGM2, any delay for log send to SMS?

 

 

Regards,

Ricki

0 Kudos
Wolfgang
Authority
Authority

@Ricki_Juntak Maestro does not work like ClusterXL. All SGMs are active and proccesing traffic. Have a look at this nice presentation to understand how it works.

Maestro Under The Hood with Lari Luoma 

0 Kudos
Ricki_Juntak
Explorer
 

Hi Wolfgang, I mean like on this table below:

SGM1SGM2SGM3
Active 1.1.1.1:234->2.2.2.1:80Backup 1.1.1.1:234->2.2.2.1:80 
Backup 1.1.1.10:2211->2.2.2.20:22 Active 1.1.1.10:2211->2.2.2.20:22

 

the Hypersync, so how we know the traffic inspect active by SGM1 or SGM2 or SGM3

0 Kudos
delToro1
Contributor

Hi @Ricki_Juntak , if you use g_tcpdump , you can check what SGM into the SG is processing the traffic.

 

g_tcpdump.png

Regards!

 

0 Kudos
(1)
Wolfgang
Authority
Authority

additional to @Ricki_Juntak comment you can see in the logs which SGM is proccessing the traffic.

2023-08-22 09_41_03.png

0 Kudos
(1)
Sven_Glock
Advisor

Additionally a nice tool to understand which packet arrives on with sgm is dxl calc:

dxl calc
Usage: dxl calc <src ip> <dst ip> <Distribution Mode/Interface Name>

Distribution Mode:
0 - General, a source and destination IP based distribution.
1 - User, a destination IP based distribution.
2 - Network, a source IP based distribution.

[Expert@maestro-ch01-01:0]# dxl calc 1.1.1.1 2.2.2.2 2
<1.1.1.1,2.2.2.2,src_based,181>
Chassis 1: Blade(s):1_05,1_07

(1)
Ricki_Juntak
Explorer

Thank you Wolfgang, delToro1, Sven_Glock

another my question is about any delay send log from SGM active (inspect the traffic) to the SMS?

in my experience filter log from SMS (log monitor) log not show from some traffic (need more time to see log on SMS), there is cause traffic not inspect by the SMO?

0 Kudos