Gaia OS with management machine vs without it

Hi guys

Question: say I want to set up a new 5600 appliance (for the sake of the discussion).

Why would I use a management VM, or why wouldn't I? What's the advantage of a management VM in a single (or maybe) cluster environment?


Thank you

I would have a separate management VM/appliance. While that has a higher up-front cost, it will provide a better experience and save you time and energy down the road.

If you run gateway and management on the same appliance, the appliance will need to handle both tasks. R80.x Management requires significantly more resources than previous releases. While lower-end appliances support it, the performance/experience may not be optimal.

If you move from a single gateway to a cluster, both cluster members will need to run management (a so-called Full HA config). If you add other gateways to the mix, you will need to acquire a management license to manage those other gateways anyway and take extra effort to migrate to a separate management appliance/VM.


OK. So first off, the initial advantage is to save some load from the GW. That's good.
So let's say I have a single GW with a mgmt VM. What happens if the mgmt VM is down? What functionality will be lost?

Also, a related/non-related question. If I have a single GW, can I add an additional one and create a cluster from it without losing the 1st one's settings? I mean, using the 1st one as a reference to copy the config to the 2nd, thus forming a cluster.

Some VPN functionality, such as remote access that requires office mode licenses and VPN site-to-site certificate services (internal Check Point to Check Point VPNs), wouldn't work. You wouldn't lose your logs, as they'd stay on the firewall until the management server was available again. It's worth noting that at present, there's no clean, easy way to migrate from on-board management to an external manager like there used to be, to do with the differences in R80x code. So factor that in.

RE your cluster question: probably not if it's on-board management, as it becomes a bit of a mess. When you have a single gateway with on-board management, it's a single box with a single object. Trying to unpick that and turn it into a cluster is going to be difficult but is most likely possible. There is a world of headaches that on-board management introduces, and I'd personally advise against it where other means can be used.
