maestro and sms open server

dkurochkin · ‎2022-02-07

Hello team !

q:
For create security group need to specify management interface (1-4 interfaces in the MHO); this is physical interface for connect the MHO (maestro) and SMS (Security Management Server).
Without this interface, you cannot create security group; this interface will be used to install security policies.

In my case, I have SMS virtual, open server VMWARE.

1. How to can create security group, if I do not have and cannot have a physical interface?
2. Can MHO work with SMS Open Server? Is there an SK where this is described?

sorry for my english

thx

G_W_Albrecht · ‎2022-02-07

Also ESXi has ports - map one to a physical port and connect the VM SMS to it. Maestro works with any SMS, see

Quantum Maestro R81.10 Administration Guide.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

dkurochkin · ‎2022-02-07

Thx for your answer

My maestro version 80.20 sp

For connecting esxi host and maestro needs direct connection or allowed connection via switch?

Wolfgang · ‎2022-02-07

Yes, you can use switch. Connect your MHOs management ports and your ESXi to the switch, same VLAN and IP subnet or you have to use a routing instance if in different subnets.

G_W_Albrecht · ‎2022-02-07

Whatever - same as with usual GWs but to MHO.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Chris_Atkinson · ‎2022-02-07

Please note the limitation described in another of @Wolfgang 's prior threads here.

To avoid the issue ensure the Security Group either isn't the default gateway for the management network itself or explore the alternative as described.

https://community.checkpoint.com/t5/Maestro/Maestro-limitation-connections-going-through-data-and-ma...

CCSM R77/R80/ELITE