Danny
MVP Gold

Maestro Host Access - Best Practice

Maestro operates with predefined Internal IP Addresses.

In order to allow connections between SGMs and MHOs, like the member command, it's required to add these IPs to the Gaia Host Access list, in addition to the specific Firewall Management DMZ that manages the Check Point security infrastructure.

A typical Gaia Host Access list on Maestro security groups would look like this:


| Type | IP / Netmask | Description |
|---|---|---|
| Host | 127.0.0.1 | Localhost |
| Network | 192.0.2.0/24 | Maestro Internal Sync Network |
| Network | 198.51.101.0/24 | CIN (Chassis Maestro Internal Network) |
| Network | 203.0.113.0/24 | Maestro Inter-Site Sync Network |


Depending on the number of security groups, there could also be additional Maestro CIN networks, such as:
198.51.102.0/24, 198.51.103.0/24 and so on, as described here.

Let's discuss how the Gaia Host Access list should be configured on Maestro HyperScale Orchestrators (MHO).

---
@Lari_Luoma @Anatoly @Tom_Kendrick @Laszlo_Csosza @Jochen_Hoechner 
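
An added example (not part of the original post and not Check Point code): a small Python check that reads a Host Access list in the row format of the table above and reports which of the listed Maestro internal networks are not covered. The function names, the `extra_cin` parameter, the sample rows and the flagging of a /0 entry are assumptions made for illustration.

```python
import ipaddress

# Internal networks copied from the table in the post.
REQUIRED = {
    "127.0.0.1/32": "Localhost",
    "192.0.2.0/24": "Maestro Internal Sync Network",
    "198.51.101.0/24": "CIN (Chassis Maestro Internal Network)",
    "203.0.113.0/24": "Maestro Inter-Site Sync Network",
}

# Constructed sample list: the inter-site sync network is missing.
SAMPLE = """\
Type IP / Netmask Description
Host 127.0.0.1 Localhost
Network 192.0.2.0 /24 Maestro Internal Sync Network
Network 198.51.101.0 /24 CIN
Network 10.20.30.0/24 Management DMZ (constructed)
"""

def parse_entries(text):
    """Parse rows such as 'Host 127.0.0.1 ...' or 'Network 192.0.2.0 /24 ...'."""
    nets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("Host", "Network"):
            continue  # header, blank line or unknown row type
        addr = parts[1]
        # The mask may be attached ("x/24") or a separate token ("x /24").
        if "/" not in addr and len(parts) > 2 and parts[2].startswith("/"):
            addr += parts[2]
        # strict=True rejects entries with host bits set (likely typos).
        nets.append(ipaddress.ip_network(addr, strict=True))
    return nets

def audit(text, extra_cin=()):
    """Return (missing required networks, entries that allow every address)."""
    allowed = parse_entries(text)
    needed = list(REQUIRED) + list(extra_cin)
    missing = []
    for cidr in needed:
        net = ipaddress.ip_network(cidr)
        if not any(a.version == net.version and net.subnet_of(a) for a in allowed):
            missing.append(cidr)
    too_broad = [str(a) for a in allowed if a.prefixlen == 0]
    return missing, too_broad

if __name__ == "__main__":
    print(audit(SAMPLE, extra_cin=["198.51.102.0/24"]))
```

Pass any additional CIN networks used by further security groups through `extra_cin`; a non-empty first list means an internal network is not covered by the list, and a non-empty second list means an entry admits every source address.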
