This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RS_Daniel
Advisor
Advisor
‎2025-02-21 01:40 PM
Jump to solution

Quantum Spark limitation

Hello Community!

We are currently working with a potential customer who requires VPN connectivity for more than 100 branch offices to their headquarters. Our plan is to deploy Check Point 1535 devices at each branch and a Check Point 1800 at the HQ as the VPN hub.

Based on our topology, we would need to configure a Star VPN Community with 120 satellite gateways and 1 central gateway. However, we came across the following limitation in sk178604

 

Screenshot 2025-02-21 172152.png

We would appreciate some clarification on this limitation and have the following questions:

  1. Does this 100 satellite gateway limit apply only when using SMP (Quantum Spark Management), or does it also apply when using a Management Server (on-prem or cloud)?
  2. If this limitation applies to SMP, would it be possible to keep the VPN configuration locally on the devices while only sending logs to SMP, avoiding this restriction?
  3. Is there any roadmap or future version planned to increase the 100 satellite gateway limit?

Thanks in advance for your help!

0 Kudos
1 Solution

Accepted Solutions
Amir_Erman
Employee
Employee
‎2025-02-21 02:01 PM
Jump to solution

Hi, 

SPARK can act as VPN center only if it is managed by Spark management 

In centrally managed, SPARK can be deployed only in branches

"100" limitation is not hard limit - it was the max scale during tests

Q - what is the scale target, how many branches?

BTW - It is strongly recommended to deploy SPARK cluster as VPN center (when managed by SPARK Management)

If you wish to further discuss this project, please contact me directly 

Thanks

View solution in original post

6 Replies
Amir_Erman
Employee
Employee
‎2025-02-21 02:01 PM
Jump to solution

Hi, 

SPARK can act as VPN center only if it is managed by Spark management 

In centrally managed, SPARK can be deployed only in branches

"100" limitation is not hard limit - it was the max scale during tests

Q - what is the scale target, how many branches?

BTW - It is strongly recommended to deploy SPARK cluster as VPN center (when managed by SPARK Management)

If you wish to further discuss this project, please contact me directly 

Thanks

drick
Explorer
‎2025-02-22 05:25 PM
In response to Amir_Erman
Jump to solution

We have several models from 1500-1600 that have the spark sizing that alerts in DR spark for 100 connected hosts. Is there anyway to see what model we need for more connected hosts? Currently when we open a ticket with support they say we are beyond the connected hosts sizing and they encourage us to upgrade hardware but can't tell us what hardware would be best for our connected host count. We don't use any blades except for "firewall" and "site to site vpn" other than that they are all disabled. We've had issues with it on the later firmware because it chews through memory. 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-02-24 03:57 AM
In response to drick
Jump to solution

What we can see is the included licenses that correspond roughly to the SMBs models power:

1535/55 100 Users

1575/95 200 Users

https://www.checkpoint.com/downloads/products/1500-pro-security-gateway-datasheet.pdf

1600 / 1800  500 Users

https://www.checkpoint.com/downloads/products/1600-1800-security-gateway-datasheet.pdf

1900 / 200  1000 Users

https://www.checkpoint.com/downloads/quantum-spark-1900-2000-datasheet.pdf

I would not see DR.Spark as the authority here 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
drick
Explorer
‎2025-02-24 07:29 AM
In response to G_W_Albrecht
Jump to solution

Hello, the only limit I can see on that datasheet is for the mobile users/vpn license. This is just for connected hosts in general. CP support is saying we are over the sizing capacity of 100 users that dr spark reports and suggests we upgrade. They can't give me a model to upgrade to. Pre-sales has no idea on the connected hosts limitation so they are looking into this more too. fun!

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-02-25 12:39 AM
In response to drick
Jump to solution

Yes, but thius license gives at least a hint 😉 The real problem is that any enabled blade takes its toll, and if you use https inspection this will use up much ressources. So the number of users can vary according to configuration.

I also have heard this argument from TAC, but it clearly is nonsense - someone buildt things into Dr.Spark that sometimes do not make much sense, especially the report from standby cluster nodes is partly missleading/wrong.

If you experience issues like cpu too high, look into this: https://community.checkpoint.com/t5/SMB-Gateways-Spark/History-of-SMB-Specs-and-Performance/td-p/174... and decide about the upgrade...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
RS_Daniel
Advisor
Advisor
‎2025-02-24 04:57 AM
In response to Amir_Erman
Jump to solution

Hello @Amir_Erman,

Thank you for your response. I sent you a PM in case you can help us a bit more.

Regards

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events