Max # of Gateways per CMA

Max_Baumgarten · ‎2020-08-12

Hey All,

Was wondering if Check point has any data regarding performance/stability impacts to a CMA/MDS based on the number of gateways per CMA? For example, does a CMA become noticeably slower/unstable if you have >100 gateways in the CMA? Are there any best practices for the number of gateways that should be in a CMA?

Thanks!

Magnus-Holmberg · ‎2020-08-12

I would say it heavily depend on how much logs the gateways are generating, how powerfull the MDS is, how many other CMA within the MDS etc.
Do you offload the logs to one or more MLM?

regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec

Max_Baumgarten · ‎2020-08-12

All Logs offload to MLMs.

_Val_ · ‎2020-08-12

Second what @Magnus-Holmberg said. With logs off-loaded to MLM, MDS should not experience any significant performance degradation just because of the number of GWs managed per CMA. CMA/MDS performance depends on amount of administrative actions done, which somewhat increases with amount of managed GWs. But if you install policy once in a while and do not change rules much, # of GWs should not be important.

PhoneBoy · ‎2020-08-16

One area where you definitely want to be careful is pushing policy to a large number of gateways at once.
In R77.x days, more than 30 was problematic in some situations, not sure what the guidance is for R80.x.

Of course, all of this assumes you have licenses for enough gateways at the MDM level. 🙂

funkylicious · ‎2020-08-16

Hi.

For us, CMA's with 40+ to 50 clusters have started to have policy installation issues when doing it automatically at night and we have been asked to split them at different hours.

Are you a member of CheckMates?

Max # of Gateways per CMA