Workflow for Configuring Security Groups

You can configure Security Groups on a Quantum Maestro Orchestrator (a scalable Network Security System that connects multiple Check Point Security Appliances into a unified system; also called Orchestrator or Maestro Hyperscale Orchestrator; acronym: MHO):

See Summary of Configuration Options.

Workflow:

Step

Instructions

1

Create a new Security Group.

A Security Group is a logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears as a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected.

Note - Configure only one of the installed Quantum Maestro Orchestrators. The Quantum Maestro Orchestrators synchronize the configuration automatically with each other.

Best Practice - Configure the First Time Wizard settings in the new Security Group.

2

Assign the applicable Security Appliances to the Security Group.

Important:

  • You can assign only supported Security Appliances to the same Security Group - see sk162373.

  • You must disable SMO Image Cloning in the Security Group before you assign to this Security Group an appliance of a different model than the other assigned appliances (Known Limitation PMTR-71298).

  • Security Appliances assigned to the Security Group automatically reboot after you apply the configuration.

Best Practice for Dual Site - Assign, as far as possible, the same number of Security Appliances from each site to the Security Group. If a failover occurs between the sites, Security Appliances on the new Active site must be able to process all the traffic.

3

Assign the applicable Quantum Maestro Orchestrator ports to the Security Group:

4

Verify and apply the configuration.

5

If you did not configure the First Time Wizard settings when you created a Security Group, you must run the Gaia First Time Configuration Wizard on the Security Group. (Gaia is the Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.)

  1. With a web browser, connect to the Gaia Portal of the Security Group:

    https://<IP Address of Security Group>

    Important - This connection goes through the Quantum Maestro Orchestrator's management interface you assigned to this Security Group.

  2. The Gaia First Time Configuration Wizard starts.

    Follow the instructions on the screen.
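
A pre-apply check for step 4, written as an added example (it is not Check Point code and does not call any Orchestrator API). It tests a planned Security Group against the rules stated in steps 1, 2 and 5; the plan dictionary, its key names, the model names and the port names are all constructed for illustration.

```python
from collections import Counter

def check_security_group(plan):
    """Return (errors, warnings) for one planned Security Group.

    `plan` is a constructed dict, not a format used by the Orchestrator.
    """
    errors, warnings = [], []
    appliances = plan.get("appliances", [])

    # A Security Group contains appliances, Uplink ports and a management port.
    if not appliances:
        errors.append("no Security Appliances assigned")
    if not plan.get("uplink_ports"):
        errors.append("no Uplink ports assigned")
    if not plan.get("mgmt_port"):
        errors.append("no management port assigned")

    # Mixed appliance models require SMO Image Cloning to be disabled first.
    models = {a["model"] for a in appliances}
    if len(models) > 1 and plan.get("smo_image_cloning", False):
        errors.append("mixed models %s with SMO Image Cloning enabled" % sorted(models))

    # Dual Site: each site should hold the same number of appliances.
    per_site = Counter(a["site"] for a in appliances)
    if len(per_site) > 1 and len(set(per_site.values())) > 1:
        warnings.append("unbalanced sites: %s" % dict(sorted(per_site.items())))

    # Without First Time Wizard settings, step 5 is still required after apply.
    if not plan.get("ftw_configured", False):
        warnings.append("run the Gaia First Time Configuration Wizard after apply")
    return errors, warnings

# Constructed sample plan: two sites, two models, cloning still enabled.
SAMPLE_PLAN = {
    "appliances": [
        {"model": "model-A", "site": 1},
        {"model": "model-A", "site": 1},
        {"model": "model-B", "site": 2},
    ],
    "smo_image_cloning": True,
    "uplink_ports": ["uplink-1"],   # constructed port name
    "mgmt_port": "mgmt-1",          # constructed port name
    "ftw_configured": False,
}

if __name__ == "__main__":
    errs, warns = check_security_group(SAMPLE_PLAN)
    for msg in errs:
        print("ERROR:", msg)
    for msg in warns:
        print("WARNING:", msg)
```

Errors should block the apply; warnings are items to confirm. Remember that the assigned Security Appliances reboot automatically once the configuration is applied.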