Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
the_rock
Legend
Legend
Jump to solution

MDPS - sk138672

Hey boys and girls,

Just wanted to post this to see if anyone had any experience with it so far and what feedback is. I recall this concept from Palo Alto few years back, but had not seen it on CP side as of yet.

https://support.checkpoint.com/results/sk/sk138672

If anyone has any feedback to share, please be free.

Best,

Andy

0 Kudos
3 Solutions

Accepted Solutions
_Val_
Admin
Admin

We have multiple customers using MDPS. It helps in case the system runs a high CPU, for example. What's the question?

View solution in original post

Chris_Atkinson
Employee Employee
Employee

Routing & Resource separation would be the usual reasons for turning to MDPS.

CCSM R77/R80/ELITE

View solution in original post

Chris_Atkinson
Employee Employee
Employee

Basic / simplified examples:

- Preventing traffic processing consuming all resources of the system resulting in poor management responsiveness 

- Allow separate default routes for the isolated  management network versus production

CCSM R77/R80/ELITE

View solution in original post

21 Replies
_Val_
Admin
Admin

We have multiple customers using MDPS. It helps in case the system runs a high CPU, for example. What's the question?

the_rock
Legend
Legend

Thanks for answering Val, appreciated. I did not have really specific question about it, more just to get feedback, though I guess one question I have would be what might be biggest advantage of using this method compared to not using it?

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Routing & Resource separation would be the usual reasons for turning to MDPS.

CCSM R77/R80/ELITE
the_rock
Legend
Legend

Hey Chris,

Is there good example of that? I mean in a sense of how it would help with routing and resource separation?

Best,

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Basic / simplified examples:

- Preventing traffic processing consuming all resources of the system resulting in poor management responsiveness 

- Allow separate default routes for the isolated  management network versus production

CCSM R77/R80/ELITE
the_rock
Legend
Legend

Awesome, thanks guys, that helps.

Best,

Andy

0 Kudos
the_rock
Legend
Legend

One more question @Chris_Atkinson 

I assume this cant be configured via web UI based on the sk...correct? Appears only via clish?

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

CLI only correct, similar to VSX.

Well perhaps that's too much of a generalisation but it's listed in the limitations in any case.

CCSM R77/R80/ELITE
the_rock
Legend
Legend

Thanks mate, always greateful for your help.

Have a nice weekend.

Andy

Jarvis_Lin
Collaborator

Will this limitation be fixed in the future?

0 Kudos
the_rock
Legend
Legend

What limitation @Jarvis_Lin ?

Andy

0 Kudos
Jarvis_Lin
Collaborator

setting from command, not from Gaia GUI.

It’s no problem for engineers setting from command, but it’s a big challenge for customers.

0 Kudos
the_rock
Legend
Legend

O that, right. I really could not say, maybe best to submit RFE, I suppose.

Andy

0 Kudos
the_rock
Legend
Legend

Btw, I checked the sk again and dont see anything about it there either, so as I mentioned, I would submit RFE about it.

0 Kudos
Jarvis_Lin
Collaborator

Hi Rock,

My English is not good, I checked the sk,

I was referring to the limitations of PMTR-81746, Security groups are not supported for Gaia Portal when MDPS is enabled.

It's hard for customers. If they need to set VLAN or routing.etc.

the_rock
Legend
Legend

Ah, now I got it, sorry. Yes, I can imagine that would be somewhat inconvenient, for sure. I would still submit RFE or maybe comment on the sk or if you can, also message your local SE to see if they can push that further within Check Point internally.

Best,

Andy

the_rock
Legend
Legend

If you click below, it would ask you to submit a feedback and you would get an email about it from skhelp@checkpoint.com

Andy

 

Screenshot_1.png

the_rock
Legend
Legend

I mispelled this, but you get an idea, see below, my feedback, exactly what you said essentially.

Andy

 

Screenshot_1.png

0 Kudos
Jarvis_Lin
Collaborator

Thank you, you're such a kind person.

(1)
the_rock
Legend
Legend

Thanks man for the kind words. Im just trying to help fellow CP brothers and sisters, thats all 🙂

Andy

0 Kudos
the_rock
Legend
Legend

Btw, I got an email again from sk team indicating the sk will be updated once the limitation is fixed. No time frame on it though.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events