Migration of clusters from single SMS to multiple MDS

Question asked by Jozko Mrkvicka on Oct 12, 2018
Latest reply on Dec 10, 2018 by Jozko Mrkvicka

Hello mates,

I would like to have your opinion and some insight into the problem which I am facing at the moment.

We have an R77.30 SMS with 10 clusters. All of those 10 clusters are included in the MyIntranet meshed community.

On every cluster we have a rule that allows any connection from all other gateways within the MyIntranet VPN community.

Now, we need to move 5 clusters from the current SMS to an MDS where we will create a separate CMA for those 5 clusters.

The next 3 clusters from the current SMS will be moved to a different MDS where we will create a separate CMA for those 3 clusters.

The remaining 2 clusters from the current SMS will be moved to yet another MDS where we will create a separate CMA for those last 2 clusters.

Gateways managed by this SMS are based in Europe, the USA and Africa.

We will not create new MDS servers; all MDS servers are already deployed and in production. We will just create a new CMA on every MDS, based on location.

This means the first 5 clusters, which are located in Europe, will be moved to the MDS located in Europe.

The next 3 clusters, located in the USA, will be moved to the MDS located in the USA.

The remaining 2 clusters, which are located in Africa, will be moved to the MDS located in Africa.

For better understanding I can create a basic drawing, as I am not sure whether you can picture the topology at the moment...

All the work during the migration will be done with migrate export / import. We will import the package created on the SMS on all 3 MDS servers.

My biggest concern is how we can handle communication among all 10 clusters. As I mentioned, the current SMS has the MyIntranet meshed community with all 10 clusters in it.

The plan is to remove the unneeded policy packages and Check Point devices from all MDS servers. If I am on the Europe MDS, it makes no sense to have policy packages for the USA and Africa. We will also modify the MyIntranet community to contain only the gateways for the same location. MyIntranet on the Europe MDS will have only the clusters located in Europe, and so on.

For communication between Europe and the USA, we will create a new star community on the MDS in order to establish a VPN between Europe and the USA.

I would like to discuss what my options are and what the best way is to minimize VPN disruption between Europe, the USA and Africa to the lowest possible time.

SMS, MDS and all gateways are running R77.30.

If you have any questions or suggestions, I will really appreciate them.

Thanks for every comment.