I have actually 6 (2*3) clusters of 16200/26000 on 2 sites and have to start the design of a new site. I'm considering maestro with only one model and at least 3 appliances per security group. I think it's the way to go to avoid paying a standby member doing nothing 99,99% of it's life... actually appliances are from 2019... only QLS are new but to big to have 3 per security group. I would like a smaller QLS appliance or a newer range of maestro appliances ! Thanks for your job !
Maestro is good if you want a lot of traffic in one firewall and you want to be able to scale it within the same firewall. Ie 20G in one firewall. Other option would be to run VSX with VSLS (both can also be combined) With VSX you split it up to more virtual firewall, however if just running vsx with vsls one firewall can maximum utilize the performance of 1 box, so to use it in a good way you would need to split up in multiple virtual firewall that you then load over multiple members. Ie 2 x 10G in the cluster, like one dedicated firewall for DMZ and one for Client internet access.
Thanks man you are the best Check Point videos on RUclips
Thank you :)
Thanks for sharing your experience of real world deployments of CP devices.
np, there is always somewhat of a missmatch between what can be done and what should be done :)
InstaBlaster...
I have actually 6 (2*3) clusters of 16200/26000 on 2 sites and have to start the design of a new site.
I'm considering maestro with only one model and at least 3 appliances per security group.
I think it's the way to go to avoid paying a standby member doing nothing 99,99% of it's life...
actually appliances are from 2019... only QLS are new but to big to have 3 per security group.
I would like a smaller QLS appliance or a newer range of maestro appliances !
Thanks for your job !
Maestro is good if you want a lot of traffic in one firewall and you want to be able to scale it within the same firewall.
Ie 20G in one firewall.
Other option would be to run VSX with VSLS (both can also be combined)
With VSX you split it up to more virtual firewall, however if just running vsx with vsls one firewall can maximum utilize the performance of 1 box, so to use it in a good way you would need to split up in multiple virtual firewall that you then load over multiple members. Ie 2 x 10G in the cluster, like one dedicated firewall for DMZ and one for Client internet access.
I might have a silly question,
is it okay we use virtualized Checkpoint Gaia OS at home then using trial license? 🤔
Sure why not
Awesome
Thanks m8
thank you master magnus
Salamat :)
Thank you
You're welcome
Hi, do you have this info to read? Thanks
I dont really have any one specific PDF or similar its more knowledge put together by experiance and reading alot of diff sk.