General Workflow in Maestro

Notes:

  • It is assumed that you already installed the Quantum Maestro Orchestrators, the Security Appliances, and connected all cables. See the Quantum Maestro Getting Started Guide.

  • When you create a new Security Group on a Maestro Orchestrator, it is not possible to configure the Gaia GRUB Password in the Security Group wizard on the Maestro Orchestrator.

    You can configure the Gaia GRUB Password only after you complete the Gaia First Time Configuration Wizard on the Security Group. See the R82 Gaia Administration Guide > Chapter "System Management" > Section "System Passwords".

  1. Note - Configure only one of the installed Quantum Maestro Orchestrators. The Quantum Maestro Orchestrators synchronize the configuration automatically with each other.

    Each Security Group must contain:

    1. One or more Security Appliances.

      Note - The Quantum Maestro Orchestrators automatically assign the corresponding Downlink ports.

    2. Applicable ports on the Quantum Maestro Orchestrators:

      • A dedicated Management port, which connects the Security Group to the Management Server (for example, eth1-Mgmt1).

      • Uplink ports, to which you connected the external traffic and internal traffic networks.

    You can configure Security Groups in:

    See Summary of Configuration Options in Maestro.

    Perform these steps:

    Step

    Instructions

    a

    Create a new Security Group.

    b

    Add the Network Configuration to the Security Group.

    c

    Configure the First Time Wizard settings in the Security Group.

    Note - This First Time Wizard configures only a limited number of settings.

    d

    Assign the available Security Appliances to the Security Group.

    Important:

    • You can assign only supported Security Appliances to the same Security Group - see sk162373.

    • Security Appliances assigned to the Security Group automatically reboot after you apply the configuration.

    Best Practice for Dual Site - Assign the same number (as possible) of Security Appliances from each site to the Security Group. If a failover occurs between the sites, Security Appliances on the new Active site must be able to process all the traffic.

    e

    Assign the applicable Quantum Maestro Orchestrator ports to the Security Group (Uplink ports and a Management interface).

    Best Practice - Create a Gaia Backup on the Quantum Maestro Orchestrators to save the configuration. For more information, see the R82 Gaia Administration Guide > Chapter Maintenance > Section System Backup.

  2. See Step 2 - Configuring Gaia Settings of a Security Group in Maestro.

    Best Practice - Create a Gaia Backup on the Security Group to save the configuration. For more information, see the R82 Gaia Administration Guide > Chapter Maintenance > Section System Backup.

  3. See Step 3 - Configuration of a Maestro Security Group in SmartConsole.

    • For a Security Group in Gateway mode:

      1. Create one Security Gateway object.

      2. Configure the applicable Security Policy.

      3. Install the Security Policy on the Security Gateway object.

    • For a Security Group in VSX mode:

      1. Create one VSX Gateway object.

      2. Create the objects of Virtual Systems.

      3. Configure the applicable Security Policies for the Virtual Systems.

      4. Install the Security Policies on the Virtual Systems.

  4. See Step 4 - License Installation in Maestro.

  5. Initiate connections that must pass through this Security Group.

  6. See: