In this video we make a short intro to MDS and what it could be used for. See it as a introduction to the MDS / VSX serie that i will be posting the here on youtube.
Hello Magnus, I really like all of your videos and indeed the R80 CCSA course. Well done, good prepared and nice presented. It´s really good to have not the 100% video and when I can see how you deal with issues during the video. This is authentic and amazing! Thanks a lot. Alexander
Thank you Alexander! I agree with you, it’s more fun for me and I think it gives you guys more aswell if some troubleshooting is included. In real world you do miss things and it’s important that you do know how to use Google, SK from check point and some basic troubleshooting. It may not follow the official course but I think it would be to great help for someone looking to work with check point :) Official check point ccsa course actually expect you to also work ~6months with check point before attempting to write the certificate.
Thank you, working on the next few episodes on the MDS serie. So am thinking next up will be some basic CLI commands. Anything specific you would like to see?
@@afbraganza took a few years before someone did show me VSX and MDS, my first though of this was like **** why did no one show me this earlier, this is exactly what I do need in my environment. To be honest this is the main reason why I did start making check point stuff on RUclips because the VSX and MDS content is none existing
Hi Magnus, I really enjoyed your videos. They are amazing. I would like to make a short suggestion for a possible topic, if you can make a video that handles the migration of a normal management to a CMA in an MDS. Kr, Cristian
Thank you! Yes that’s a great lab suggestion, it’s something I have on the todo list. We also started off with a normal sms and did go for a cma. That way is normally ok. The other way on the other hand going from cma to sms was atleast before really difficult and no sk available for it :)(maybe this has changed during r8X)
Hallo Mr. Magnus, Greetings from Indonesia. I am interested in your video, very useful. I want to ask, based on the explanation in the topology picture, does that mean we can put 2 different VS in the same 1 VSX Box but different CMA? So for example I have MDS with CMA-01 and CMA-02. I have 1 Box VSX Gateway, I SIC to CMA-01, then on CMA-01 I create VS-01, and when I create CMA-02, can I create VS-02 but it leads to the VSX Gateway box in SIC to CMA-01 earlier? Thanks, sir.
Not sure if i understand the question fully. But yes a VSX cluster can host multiple VS and these can be within same or differente CMA:s (requires licenses ofc) So yes. VS1 can belong to CMA1 VS2 can belong to CMA2 VS3 and VS4 can belong to CMA3 VS5 and 10 x normal fw cluster can belong to CMA4 VS1 > 5 can be distrubuted on multiple VSX nodes within the same cluster if you run VSLS.
Hello, Magnus. One question, is it possible to have a MDS HA environment, from 2 sites located in different geographical locations? Do you have documentation to help me to deploy this kind of scenario? Thanks for your support.
Don’t really have anything other than sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Multi-DomainSecurityManagement_AdminGuide/Topics-MDSG/Getting-Started.htm
@@poseidon8510 ye and check point has promised many times SP should be in main train. R81 it’s added to the same but. I would need very specific reasons to actually look on chassis.
Its in the works, to make a vpn video i need something to build them between. plan is to use the VSX series for this to be able to build a tunnel between a GW and a VS. am not planning to do any video on the theory of VPN, it will be a config video and possible a troubleshooting video.
@@desaironak11 I would say that’s because vpn troubleshooting is way way more complicated than it need to be on check point compare to other vendors. Such as you can not see what is actually sent from the gateway if it fails directly in the logs you need to use another tool for it.
This is the best and easiest to understand Checkpoint MDS video illustration on the entire Internet.
Haha, it was actually hard to find something online, I did my best :)
Next time I will try to take some presentation from check point.
Great content Magnus! Thank you
Thank you :)
Hello Magnus, I really like all of your videos and indeed the R80 CCSA course. Well done, good prepared and nice presented. It´s really good to have not the 100% video and when I can see how you deal with issues during the video. This is authentic and amazing! Thanks a lot. Alexander
Thank you Alexander!
I agree with you, it’s more fun for me and I think it gives you guys more aswell if some troubleshooting is included.
In real world you do miss things and it’s important that you do know how to use Google, SK from check point and some basic troubleshooting.
It may not follow the official course but I think it would be to great help for someone looking to work with check point :)
Official check point ccsa course actually expect you to also work ~6months with check point before attempting to write the certificate.
Great MDS series. Waiting for new stuff to learn from you.
Thank you, working on the next few episodes on the MDS serie.
So am thinking next up will be some basic CLI commands.
Anything specific you would like to see?
@@MagnusHolmberg-NetSec - Everything you discuss is a new learning curve for me. And thank you for that. Waiting for the VSX series to start.
@@afbraganza took a few years before someone did show me VSX and MDS, my first though of this was like **** why did no one show me this earlier, this is exactly what I do need in my environment. To be honest this is the main reason why I did start making check point stuff on RUclips because the VSX and MDS content is none existing
Great video, thank you!
Hi Magnus, I really enjoyed your videos. They are amazing. I would like to make a short suggestion for a possible topic, if you can make a video that handles the migration of a normal management to a CMA in an MDS. Kr, Cristian
Thank you!
Yes that’s a great lab suggestion, it’s something I have on the todo list.
We also started off with a normal sms and did go for a cma. That way is normally ok.
The other way on the other hand going from cma to sms was atleast before really difficult and no sk available for it :)(maybe this has changed during r8X)
Great content. Thank you
My pleasure!
Hallo Mr. Magnus, Greetings from Indonesia.
I am interested in your video, very useful.
I want to ask, based on the explanation in the topology picture, does that mean we can put 2 different VS in the same 1 VSX Box but different CMA?
So for example I have MDS with CMA-01 and CMA-02.
I have 1 Box VSX Gateway, I SIC to CMA-01, then on CMA-01 I create VS-01, and when I create CMA-02, can I create VS-02 but it leads to the VSX Gateway box in SIC to CMA-01 earlier?
Thanks, sir.
Not sure if i understand the question fully.
But yes a VSX cluster can host multiple VS and these can be within same or differente CMA:s (requires licenses ofc)
So yes.
VS1 can belong to CMA1
VS2 can belong to CMA2
VS3 and VS4 can belong to CMA3
VS5 and 10 x normal fw cluster can belong to CMA4
VS1 > 5 can be distrubuted on multiple VSX nodes within the same cluster if you run VSLS.
Great courses Thank you Sir!!
Thanks! more to come
Hello, Magnus.
One question, is it possible to have a MDS HA environment, from 2 sites located in different geographical locations?
Do you have documentation to help me to deploy this kind of scenario?
Thanks for your support.
Yes MDS HA can be in diff geo locations, many use it to have one MDS per Asia/eu/us
Don’t really have anything other than sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Multi-DomainSecurityManagement_AdminGuide/Topics-MDSG/Getting-Started.htm
thanks, sir
Your welcome :)
Thanks
Your welcome, :)
Hi Mag !! Thanks
Your welcome I hope you guys will like the coming MDS/VSX serie :)
@@MagnusHolmberg-NetSec sure , yes, in my work we have a 41K chassis with MDS
@@poseidon8510 am not a fan of the chassis, but then you guys have a pretty nice setup :) hopefully you will learn something cool.
@@MagnusHolmberg-NetSec lot of bug with special version (SP) ...
@@poseidon8510 ye and check point has promised many times SP should be in main train. R81 it’s added to the same but. I would need very specific reasons to actually look on chassis.
But I like this one as well. Very interesting n informative
Thank you :)
Please do VPN video
Its in the works, to make a vpn video i need something to build them between.
plan is to use the VSX series for this to be able to build a tunnel between a GW and a VS.
am not planning to do any video on the theory of VPN, it will be a config video and possible a troubleshooting video.
@@MagnusHolmberg-NetSec yeah perfect. Not many vidoes on tshoot vpn so it will be really helpful.
@@desaironak11 I would say that’s because vpn troubleshooting is way way more complicated than it need to be on check point compare to other vendors.
Such as you can not see what is actually sent from the gateway if it fails directly in the logs you need to use another tool for it.