
Max. Number of Security Gateways per Management Server

Question asked by Dario Ferroni on Oct 23, 2018
Latest reply on Oct 31, 2018 by 1ed54ed4-2409-4ee0-b942-4bf8a5ceb750

Hello community,
Some time ago we completed a migration from an ESX VM Security Management Server R77.30 to an R80.10 Appliance Smart-1 3150 with 264GB RAM to manage more than 250 Gateways in our environment, ranging from 1100 to 15600 appliances.

Before the Migration, when we asked Check Point for advice regarding our environment, we were told that, if we were satisfied with our configuration and our main need was just to have concurrent Administrators, we did not need to move to a Multi-Domain implementation, since that feature was already supported in R80.10.

After moving to the new R80.10 Appliance Smart-1 3150, we began having memory issues, with the FWM process increasing day by day till 4GB, and then crashing once to twice a week and creating a core dump.

After opening a Case for this issue, we were provided a hotfix, which actually just slowed down the time until we had the FWM issue anyway and the core dumps were created, not solving the problem.
Furthermore, during the case handling we were told that, actually, with our environment of more than 250 GWs, a Multi-Domain implementation should be highly recommended, even if before with R77.30 we did not have that issue, because of the difference in the Operating System. We were in fact aware of the changes between R77.30 and R80.10, and of the difference in the FWM and JAVA Processes.

Now, I'd like to know what your experience is with the maximal number of Gateways and/or Clusters managed by a single Security Management Server, and, if you know, whether there is a real best practice to advise when a Multi-Domain environment is really needed. I mean that from a performance point of view, since the benefits of MDS from a Management and organizational point of view are obvious and pretty clear.
I have the feeling here that on Check Point's side, there is a mismatch between "on the field - hands on" experience, for which the number of gateways is not a mandatory precondition to go with MDS, and a more or less Official best practice, which would advise to go with MDS already with 50 gateways.

Thank you

Dario
