Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Max_Baumgarten
Contributor

Max # of Gateways per CMA

Hey All,

Was wondering if Check point has any data regarding performance/stability impacts to a CMA/MDS based on the number of gateways per CMA?  For example, does a CMA become noticeably slower/unstable if you have >100 gateways in the CMA?  Are there any best practices for the number of gateways that should be in a CMA?

Thanks!

5 Replies
Magnus-Holmberg
Advisor

I would say it heavily depend on how much logs the gateways are generating, how powerfull the MDS is, how many other CMA within the MDS etc.
Do you offload the logs to one or more MLM?

regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
Max_Baumgarten
Contributor

All Logs offload to MLMs.

_Val_
Admin
Admin

Second what @Magnus-Holmberg said. With logs off-loaded to MLM, MDS should not experience any significant performance degradation just because of the number of GWs managed per CMA. CMA/MDS performance depends on amount of administrative actions done, which somewhat increases with amount of managed GWs. But if you install policy once in a while and do not change rules much, # of GWs should not be important.

 

PhoneBoy
Admin
Admin

One area where you definitely want to be careful is pushing policy to a large number of gateways at once.
In R77.x days, more than 30 was problematic in some situations, not sure what the guidance is for R80.x.

Of course, all of this assumes you have licenses for enough gateways at the MDM level. 🙂

funkylicious
Advisor

Hi.

For us, CMA's with 40+ to 50 clusters have started to have policy installation issues when doing it automatically at night and we have been asked to split them at different hours.