Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
Jump to solution

Maestro dual site with one MHO on each site ?

Is it supported to run dual site deployment with only one MHO and one appliance on each site ?

0 Kudos
1 Solution

Accepted Solutions
Norbert_Bohusch
Advisor

Nearly correct.

Minimal setup would be:

  • one downlink from MHO A to GW A
  • one downlink from MHO B to GW B
  • one site-sync from MHO A to B

For downlinks on one MHO there can only be redundancy if using quad 1G card (using port 1 and 3). Other ports (2 and 4) are reserved for a second MHO per site.

For site-sync redundancy is possible just by adding other site-sync ports.

 

see https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... for downlink configurations 

 

View solution in original post

4 Replies
Norbert_Bohusch
Advisor

Yes, it is.

We have/had multiple customers using this.

Some because the are having one multiple security groups and one has only one member per site.

Others because they have integrated standard clusters in their Maestro deployment to support future demands.

0 Kudos
Wolfgang
Authority
Authority

This means, the appliance on site_A will be connected with both ports to the one MHO on site_A and the appliance on site_B will be connected with both ports to the one MHO on site_B ?

MHOs are connected for site sync with only one or dual connection ? 

0 Kudos
Norbert_Bohusch
Advisor

Nearly correct.

Minimal setup would be:

  • one downlink from MHO A to GW A
  • one downlink from MHO B to GW B
  • one site-sync from MHO A to B

For downlinks on one MHO there can only be redundancy if using quad 1G card (using port 1 and 3). Other ports (2 and 4) are reserved for a second MHO per site.

For site-sync redundancy is possible just by adding other site-sync ports.

 

see https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... for downlink configurations 

 

kobil
Employee
Employee

it is possible, yet if customer is not planning growth (adding appliances or even MHOs) then he will not enjoy the benefits of unicast sync and switch redundancy within the same site.

in other words this implementation is somehow similar to traditional cluster with 2 members (working in HA mode)

0 Kudos