Dual Site

This section describes the deployment of Quantum Maestro OrchestratorsClosed A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO. on two different physical sites while each site has two Quantum Maestro Orchestrators.

Note - Quantum Maestro OrchestratorsClosed See "Maestro Orchestrator". with R80.20SP support the Dual Site deployment starting from R80.20SP Jumbo Hotfix Accumulator Take 163.

It is possible to deploy two Quantum Maestro Orchestrators on each physical site and connect the sites to each other.

The sites synchronize both connections and configuration.

There are three supported configurations for Dual Site:

Configuration Brief Description

Dual Site with Direct Connection

Direct connection between Quantum Maestro Orchestrators on both sites.

Dual Site with two Switches

Quantum Maestro Orchestrators on the same site connect to the same Layer 2 switch.

The two Layer 2 switches on both sites connect directly.

Dual Site with four Switches

Every Quantum Maestro Orchestrator on the same site connects to its own Layer 2 switch.

Every Layer 2 switch on every site connects directly to its counterpart Layer 2 switch on another site.

Warning:

It is critical to protect the Maestro Sites against both malicious and unintentional threats:

  • On each Security Appliance, each required network port must connect to Maestro Orchestrators with a direct able (without intermediate devices).

  • On the same Maestro site, the internal synchronization ports on both Orchestrators must connect to each other with a direct cable or must connect to an isolated dedicated network.

  • On the different Maestro sites, the external synchronization ports on the corresponding Orchestrators must connect to each other with a direct cable or must connect to an isolated dedicated network.