Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dkurochkin
Participant

maestro and sms open server

Hello team !

q:
For create security group need to specify management interface (1-4 interfaces in the MHO); this is physical interface for connect the MHO (maestro) and SMS (Security Management Server).
Without this interface, you cannot create security group; this interface will be used to install security policies.

In my case, I have SMS virtual, open server VMWARE.

1. How to can create security group, if I do not have and cannot have a physical interface?
2. Can MHO work with SMS Open Server? Is there an SK where this is described?

sorry for my english

 

thx

0 Kudos
5 Replies
G_W_Albrecht
Legend Legend
Legend

Also ESXi has ports - map one to a physical port and connect the VM SMS to it. Maestro works with any SMS, see 

Quantum Maestro R81.10 Administration Guide.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
dkurochkin
Participant

Thx for your answer

 

My maestro version 80.20 sp 

 

For connecting esxi host and maestro needs direct connection  or allowed connection via switch?

 

 

 

0 Kudos
Wolfgang
Authority
Authority

Yes, you can use switch. Connect your MHOs management ports and your ESXi to the switch, same VLAN and IP subnet or you have to use a routing instance if in different subnets.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Whatever - same as with usual GWs but to MHO.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Please note the limitation described in another of @Wolfgang 's prior threads here.

To avoid the issue ensure the Security Group either isn't the default gateway for the management network itself or explore the alternative as described.

https://community.checkpoint.com/t5/Maestro/Maestro-limitation-connections-going-through-data-and-ma... 

CCSM R77/R80/ELITE
0 Kudos