Physical management ports can be shared between the security groups. It is Check Point's best practice to create a MAGG interface (management aggregation) if you have two orchestrators per site.
MHO-140 has four physical management ports to manage security groups. If you have multiple security groups and available switch ports my recommendation is to use to configure separate magg using dedicated management ports for each SG.
SG1: Eth1-Mgmt1 + Eth2-Mgmt1
SG2: Eth1-Mgmt2 + Eth2-Mgmt2
SG3: Eth1-Mgmt3 + Eth2-Mgmt3
SG4: Eth1-Mgmt4 + Eth2-Mgmt4
If you have more than four SGs or don't have enough switch ports (or use MHO-170 that has only two management ports), the physical management interfaces can be shared.
SG1: Eth1-Mgmt1 + Eth2-Mgmt2
SG2: Eth1-Mgmt1 + Eth2-Mgmt2
You can still create a magg out of these ports, but the mode must be XOR or active-backup. LACP is not supported for magg ports in Maestro.