This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2024-06-05 04:18 AM
Jump to solution

MDPS - sk138672

Hey boys and girls,

Just wanted to post this to see if anyone had any experience with it so far and what feedback is. I recall this concept from Palo Alto few years back, but had not seen it on CP side as of yet.

https://support.checkpoint.com/results/sk/sk138672

If anyone has any feedback to share, please be free.

Best,

Andy

0 Kudos
3 Solutions

Accepted Solutions
_Val_
Admin
Admin
‎2024-06-07 06:14 AM
Jump to solution

We have multiple customers using MDPS. It helps in case the system runs a high CPU, for example. What's the question?

View solution in original post

Chris_Atkinson
Employee Employee
Employee
‎2024-06-07 06:37 AM
In response to the_rock
Jump to solution

Routing & Resource separation would be the usual reasons for turning to MDPS.

CCSM R77/R80/ELITE

View solution in original post

Chris_Atkinson
Employee Employee
Employee
‎2024-06-07 07:07 AM
In response to the_rock
Jump to solution

Basic / simplified examples:

- Preventing traffic processing consuming all resources of the system resulting in poor management responsiveness 

- Allow separate default routes for the isolated  management network versus production

CCSM R77/R80/ELITE

View solution in original post

21 Replies
_Val_
Admin
Admin
‎2024-06-07 06:14 AM
Jump to solution

We have multiple customers using MDPS. It helps in case the system runs a high CPU, for example. What's the question?

the_rock
Legend
Legend
‎2024-06-07 06:15 AM
In response to _Val_
Jump to solution

Thanks for answering Val, appreciated. I did not have really specific question about it, more just to get feedback, though I guess one question I have would be what might be biggest advantage of using this method compared to not using it?

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-06-07 06:37 AM
In response to the_rock
Jump to solution

Routing & Resource separation would be the usual reasons for turning to MDPS.

CCSM R77/R80/ELITE
the_rock
Legend
Legend
‎2024-06-07 06:42 AM
In response to Chris_Atkinson
Jump to solution

Hey Chris,

Is there good example of that? I mean in a sense of how it would help with routing and resource separation?

Best,

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-06-07 07:07 AM
In response to the_rock
Jump to solution

Basic / simplified examples:

- Preventing traffic processing consuming all resources of the system resulting in poor management responsiveness 

- Allow separate default routes for the isolated  management network versus production

CCSM R77/R80/ELITE
the_rock
Legend
Legend
‎2024-06-07 07:09 AM
In response to Chris_Atkinson
Jump to solution

Awesome, thanks guys, that helps.

Best,

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-06-07 07:12 AM
In response to Chris_Atkinson
Jump to solution

One more question @Chris_Atkinson 

I assume this cant be configured via web UI based on the sk...correct? Appears only via clish?

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-06-07 07:33 AM
In response to the_rock
Jump to solution

CLI only correct, similar to VSX.

Well perhaps that's too much of a generalisation but it's listed in the limitations in any case.

CCSM R77/R80/ELITE
the_rock
Legend
Legend
‎2024-06-07 07:58 AM
In response to Chris_Atkinson
Jump to solution

Thanks mate, always greateful for your help.

Have a nice weekend.

Andy

Jarvis_Lin
Collaborator
‎2024-06-09 09:26 AM
In response to Chris_Atkinson
Jump to solution

Will this limitation be fixed in the future?

0 Kudos
the_rock
Legend
Legend
‎2024-06-09 09:32 AM
In response to Jarvis_Lin
Jump to solution

What limitation @Jarvis_Lin ?

Andy

0 Kudos
Jarvis_Lin
Collaborator
‎2024-06-09 09:37 AM
In response to the_rock
Jump to solution

setting from command, not from Gaia GUI.

It’s no problem for engineers setting from command, but it’s a big challenge for customers.

0 Kudos
the_rock
Legend
Legend
‎2024-06-09 09:59 AM
In response to Jarvis_Lin
Jump to solution

O that, right. I really could not say, maybe best to submit RFE, I suppose.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-06-09 10:04 AM
In response to Jarvis_Lin
Jump to solution

Btw, I checked the sk again and dont see anything about it there either, so as I mentioned, I would submit RFE about it.

0 Kudos
Jarvis_Lin
Collaborator
‎2024-06-09 10:20 AM
In response to the_rock
Jump to solution

Hi Rock,

My English is not good, I checked the sk,

I was referring to the limitations of PMTR-81746, Security groups are not supported for Gaia Portal when MDPS is enabled.

It's hard for customers. If they need to set VLAN or routing.etc.

the_rock
Legend
Legend
‎2024-06-09 10:46 AM
In response to Jarvis_Lin
Jump to solution

Ah, now I got it, sorry. Yes, I can imagine that would be somewhat inconvenient, for sure. I would still submit RFE or maybe comment on the sk or if you can, also message your local SE to see if they can push that further within Check Point internally.

Best,

Andy

the_rock
Legend
Legend
‎2024-06-09 10:49 AM
In response to Jarvis_Lin
Jump to solution

If you click below, it would ask you to submit a feedback and you would get an email about it from skhelp@checkpoint.com

Andy

 

Screenshot_1.png

the_rock
Legend
Legend
‎2024-06-09 11:29 AM
In response to Jarvis_Lin
Jump to solution

I mispelled this, but you get an idea, see below, my feedback, exactly what you said essentially.

Andy

 

Screenshot_1.png

0 Kudos
Jarvis_Lin
Collaborator
‎2024-06-09 12:13 PM
In response to the_rock
Jump to solution

Thank you, you're such a kind person.

the_rock
Legend
Legend
‎2024-06-09 12:17 PM
In response to Jarvis_Lin
Jump to solution

Thanks man for the kind words. Im just trying to help fellow CP brothers and sisters, thats all 🙂

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-06-10 04:22 AM
In response to Jarvis_Lin
Jump to solution

Btw, I got an email again from sk team indicating the sk will be updated once the limitation is fixed. No time frame on it though.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top