Working with Quantum Maestro

Note - This chapter describes the unique procedures that apply only to Maestro.

For additional procedures that apply to all Scalable Platforms, see the chapter Common Procedures for Scalable Platforms.

Maestro Overview

Check Point Maestro introduces to the industry a new way to utilize current hardware investment and maximize appliance capacity in an easy-to-manage HyperScale network security solution to bring our networks and data center to the world of hybrid clouds.

With Maestro, organizations can simplify their data center workflow orchestration and scale up their existing Check Point Security Gateways on demand - the same way as they can spin up new servers and compute resources in public clouds.

The Maestro HyperScale network security solution orchestrates multiple Quantum Security Gateways as one unified system, with seamless and near limitless scaling. Bring scale, agility, and elasticity of the cloud on premises with efficient N+1 clustering based on Check Point HyperSync technology. Quantum Maestro Orchestrators distribute internal and external network traffic equally across multiple Quantum Security Gateways managed as a single group with a common security feature set and policy. With Maestro, businesses of all sizes can have cloud scale and agility with datacenter resiliency - all while maximizing cost efficiency.

  • Security at HyperScale:

    Up to 52 Gateways capable of 1.5 Tera/bps of Threat Prevention Performance (depends on the Orchestrator and Security Appliance models)

  • Flexible Operations:

    Spin up new Security Gateways on demand to accommodate your dynamic security needs

  • Cloud-Level Efficiency:

    Full active-active redundancy to completely utilize all your hardware resources

Maestro Security Groups

You can dynamically allocate or deallocate compute resources within and between Security Groups to meet your needs.

Each Security Group is a logical group of Security Appliances providing Active/Active cluster functionality, segregated from other Security Groups.

Each Security Group has dedicated internal and external interfaces and may have a different configuration set and policy. For example, an Access Control Security Group protecting a data center, or a Threat Prevention Security Group providing perimeter protection.

Action Plan:

  1. Connect Quantum Maestro Orchestrators on your network:

    1. Connect the sync ports between the Orchestrators (internal sync on the same Site, and external sync between the Sites).

    2. Connect the data networks to the Orchestrators (to uplink ports).

  2. Connect Check Point Security Appliances to the Orchestrators (to downlink ports).

  3. On one of the Orchestrators, configure the applicable Security Group.

  4. In SmartConsole:

    1. Configure a single Security Gateway object (the Single Management Object, SMO) that represents this Security Group.

    2. Configure and install the applicable Security Policies on this Security Gateway object.

  5. On the Security Group, configure other applicable settings (for example, routing).

  6. Add other Security Appliances to the Security Group, as needed.

    The appliances automatically clone all software packages, settings, and security policies from the SMO Security Group Member.

For the initial installation and configuration, see the Quantum Maestro Getting Started Guide.