This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
‎2022-05-23 06:56 AM
Jump to solution

Maestro dual site with one MHO on each site ?

Is it supported to run dual site deployment with only one MHO and one appliance on each site ?

0 Kudos
1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor
‎2022-05-23 12:03 PM
In response to Wolfgang
Jump to solution

Nearly correct.

Minimal setup would be:

  • one downlink from MHO A to GW A
  • one downlink from MHO B to GW B
  • one site-sync from MHO A to B

For downlinks on one MHO there can only be redundancy if using quad 1G card (using port 1 and 3). Other ports (2 and 4) are reserved for a second MHO per site.

For site-sync redundancy is possible just by adding other site-sync ports.

 

see https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... for downlink configurations 

 

View solution in original post

4 Replies
Norbert_Bohusch
Advisor
‎2022-05-23 07:03 AM
Jump to solution

Yes, it is.

We have/had multiple customers using this.

Some because the are having one multiple security groups and one has only one member per site.

Others because they have integrated standard clusters in their Maestro deployment to support future demands.

0 Kudos
Wolfgang
Authority
Authority
‎2022-05-23 07:36 AM
In response to Norbert_Bohusch
Jump to solution

This means, the appliance on site_A will be connected with both ports to the one MHO on site_A and the appliance on site_B will be connected with both ports to the one MHO on site_B ?

MHOs are connected for site sync with only one or dual connection ? 

0 Kudos
Norbert_Bohusch
Advisor
‎2022-05-23 12:03 PM
In response to Wolfgang
Jump to solution

Nearly correct.

Minimal setup would be:

  • one downlink from MHO A to GW A
  • one downlink from MHO B to GW B
  • one site-sync from MHO A to B

For downlinks on one MHO there can only be redundancy if using quad 1G card (using port 1 and 3). Other ports (2 and 4) are reserved for a second MHO per site.

For site-sync redundancy is possible just by adding other site-sync ports.

 

see https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... for downlink configurations 

 

kobil
Employee
Employee
‎2022-06-22 07:18 AM
Jump to solution

it is possible, yet if customer is not planning growth (adding appliances or even MHOs) then he will not enjoy the benefits of unicast sync and switch redundancy within the same site.

in other words this implementation is somehow similar to traditional cluster with 2 members (working in HA mode)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events
    li.common.scroll-to.top