Q: What's the official product site ?
A: Check Point Quantum Maestro | Orchestrator Datasheet | Support Center
Q: What's the recommended version for Security Groups ?
A: Check Point R81 for Scalable Platforms | Release Notes | Known Limitations | Comparison to R81 and other versions
Q: What's the recommended version for Orchestrators ?
A: Check Point R81.10 for Scalable Platforms | Release Notes | Known Limitations
Q: Where's the Getting Started Guides ?
A: Quantum Maestro - Getting Started Guide (PDF) | MHO Quick Start Guide
Q: Where's the Admin Guide ?
A: Quantum Maestro - Admin Guide R81 (PDF)
A: Quantum Scalable Chassis - Admin Guide R81 (PDF)
Q: Where can I get a Maestro Demo ?
A: Right here.
Q: What are the Maestro HyperScale Orchestrators (MHO) based on?
A: MHO-140 Appliance: Nvidia Mellanox SN2410 Ethernet Switch
A: MHO-175 Appliance: Nvidia Mellanox SN3700C Ethernet Switch
Also see Check Point's Declaration of Conformity.
Info: The MHO-170 Appliance is discontinued.
Q: Which transceivers are compatible / supported ?
A: Compatibility of transceivers for Check Point appliances
Q: What's the port mapping ?
A: Port mapping for MHO-140 Appliance
Q: How is the m / member command working ?
A: It's just a SSH wrapper that aims to make it easier to SSH-connect to members of security groups, i.e. Check Point Security Gateways (SGMs). You can also directly use ssh if you know the IP addresses or simply look them up via: lldpneighbors
Q: What's the CIN network ?
A: The Sync & Chassis Internal Network (CIN) got it's name from Check Point chassis-based 41000 / 61000 appliances. In Maestro it's used for connectivity between the orchestrators and the security gateway modules where they are connected via DAC cables.
Q: How can I check the status of the connected ports on the MHO ?
A: Simply use this tool from our toolbox or run the command: sx_api_ports_dump.py
Q: Where can I find training for Maestro ?
A: As a Check Point partner, ask your local Check Point SE for the Maestro Partner Training KIT (PTK) and training dates.
A: Check Point also offers a free Maestro Jumpstart Training (part 2) and this community hosted a Maestro TechTalk.
A: Check Point Education & Certification offers a paid Maestro training & certification.
A: Check Point Partners can view recorded Maestro sessions within the Partner Onboarding Academy.
A: Check Point Maestro Webinars can be found on Eventbrite and BrightTalk.
A: Check Point Professional Services started a documentary on HyperScale solutions: Part 1, Part 2.
A: More training resources can be found here.
Q: How can I verify transceivers in an Orchestrator (MHO) appliance or SGM?
A: Simply use this tool from our toolbox.
Q: How do I license my Maestro systems?
A: MHOs don't require a license.
A: SGMs require a local license. Generate it for the 192.0.*.* IP of your SGM. Verify it via cphaprob stat
. Your SGM will try to download the license and contract from Check Point's UserCenter. If that doesn't work automatically (verify via g_all cplic print -x
), use the g_cplic
command to import the license and contract files manually into your SGM.
Verify that the license info in these files is correct:
- $CPDIR/conf/cp.license
- $CPDIR/conf/cp.license.smo
Q: How do I identify which SGM is SMO?
A: Command: asg_blade_config get_smo_ip
A: Command: asg stat -i tasks
Q: How do I identify which SGMs within a SG are active?
A: Command: gexec -t
A: Command: g_all
A: Command: asg monitor
Q: How many snapshots fit on my Orchestrator?
A: Disk space is limited on Orchestrators. Mostly just two or three snapshots will fit on the disk.
Best Practice: Create snapshots before downloading new packages. Verify your snapshots within WebUI > Snapshot Management after package installation.
**WORK IN PROGRESS**