This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
RS_Daniel
Advisor
Friday

Mix and Match 6200-9100 appliances

Hi CheckMates,

I am planning the migration of a security group hardware from 6200 to 9100 and have some doubts.

Dual site enviroment, only one MHO per site. Security Group is only present on site 1, has 3 X 6200 appliances, current version R81.20 Jumbo Take 65. Orchestartors version is R81.20 Jumbo 41.

I see on sk181698 that we need to run R81.20 Jumbo 65 on 9100 appliances in a Maestro configuration. But after a R81.20SP clean install, network connectivity is lost/blocked and the only possible connection is with orchestrator. How we should instal jumbo 65 on 9100 appliances before adding them to SG?

Also on sk181698 i can see 9100 boxes work on UPPAK. I think 6200 appliances work on kernel mode and can not be moved to user mode at this moment. Is there any problem if we add 9100 with UPPAK to the existing security groups working with KPPAK? sk162373 says it is a supported combination i would think it is already considered but wanted to confirm anyway.

About traffic distribution, 6200 has 4 cores and 9100 has 8. Is it necessary to configure weigths to work properly? We will be taking out a 6200 at a time until only the 9100 remain and would prefer not make many changes that should be rolled back later.

Any help is appreciated.

Regards

 

0 Kudos
7 Replies
Bob_Zimmerman
Authority
Authority
Friday

Just to confirm, did you image them with the "Factory Image for Quantum Force 9100, 9200, 9300, 9400, 9700, and 9800 Appliances operating in a Maestro configuration" from sk181698? It's not a normal R81.20 image.

0 Kudos
RS_Daniel
Advisor
Friday
In response to Bob_Zimmerman

Yes, we used that image (Check_Point_R81.20_For_9000_Appliances_T786_Maestro.iso)

0 Kudos
emmap
Employee
Employee
Sunday

Add the 9100s to the SG, then install JHF t65 on all members in the group.

UPPAK is not currently supported on R81.20 Maestro installs, so they'll be running KPPAK same as the 6200s. 

When you add the 9100s to the SG they will inherit the same CoreXL configuration as the 6200s, as all gateways in a security group must have the same CXL configuration. The default weighting will however likely distribute twice the traffic to the 9100s as the 6200s get. You should monitor load on each SGM to ensure that they're not getting overloaded and adjust weighting as necessary. Once all the 6200s are removed from the group you should reset CXL to defaults for all the 9100s and ensure dynamic balancing is enabled.

Davis_Laker
Participant
Monday
In response to emmap

Can you please list some of the commands I would use to Monitor Load on each SGM?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
Monday
In response to Davis_Laker

asg perf -p -v

show smo security-group sgm-weight all

cphaprob stat

CCSM R77/R80/ELITE
RS_Daniel
Advisor
Monday
In response to emmap

Hello @emmap ,

Thanks for your help. It is clearer now. I have one question more please. After i add 9100 appliances, coreXL will disable 4 cores on 9100 and leave only other 4 enabled. So after removing the 6200 appliances we will need to change this configuration so 9100 can work with 8 cores. Can you provide some guidance with this procedure, i did not find it on R81.20 Quantum Maestro Administration Guide. Thanks in advance.

Regards

0 Kudos
emmap
Employee
Employee
Monday
In response to RS_Daniel

The cores aren't disabled, they're just not used for CoreXL. They get used for SND. 

You should just have to enable Dynamic Balancing and it'll take care of the rest for you. 

https://support.checkpoint.com/results/sk/sk164155

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events