Hi Folks!
New to the Maestro concept, I was just going through some documents and videos. There was an unassigned interfaces column under security group. Are these unassigned interfaces from the orchestrator or the gateway? Hope to get clarification.
Cheers!
All interfaces in Maestro (except the downlinks) are housed on the orchestrators. When you create a security group, you assign gateways and interfaces into it (in orchestrator WebUI). The interfaces not assigned to any security group are "unassigned". You should only assign interfaces to each security group that you will need.
This is done at the Orchestrator level, not the device/gateway level.
Appreciate the response! My question was:
1. Unassigned interfaces - are these physical interfaces of the gateways or physical interfaces of the orchestrator itself?
2. In the attached diagram, LAN connections from core switches and WAN connections from the internet are connected to the orchestrator only. Don't we have to connect LAN and WAN connections to the gateways?
3. Basically I am trying to understand real-time best practice traffic flow.
@Ali426 It is best to actually consult the documentation.
Your questions were answered twice already here.
An orchestrator is connected to the GWs with uplinks and downlinks only. All production interfaces are connected to the orchestrator.
@_Val_ Thanks for the response! So as per my understanding:
1. Traffic from the source network comes to the orchestrator
2. Then the orchestrator sends the traffic to the respective gateway of that security group
3. The gateway will process this traffic and send it back to the orchestrator over the downlink
4. The orchestrator then sends this traffic to the destination
Summary:
1. Gateways will just receive traffic from the orchestrator, process the traffic and send it back to the orchestrator
2. Gateways will never have internal or external connections connected to them physically
Correct. MHO is a load balancer, as part of other operations. It breaks your traffic into flows, which are sent to GWs for processing via downlinks and returned filtered (policy applied and enforced) via uplinks. A Security Group with multiple physical appliances is acting as a single logical security GW.
Look into the documentation and look it up in the community, there is tons of info:
For example,