Additional Features and Limitations

00:01

Welcome back to check point. Jump start,

00:05

Maestro training.

00:07

I have a couple of

00:10

odds and ends

00:12

the Radha and updates

00:16

first.

00:17

Uh,

00:19

if you want to see what

00:20

jumble hot fix accumulator is installed,

00:25

you can do that with the A s G underscore provisioned command

00:32

some some limitations, uh,

00:36

one.

00:37

You can have different models of security gateway modules connected to your orchestrator. However,

00:44

at least in our 80.20 s p,

00:49

all security gateway

00:51

modules in the same security group must be the same model.

01:00

Currently, you cannot Nat or VPN

01:03

anedge meant

01:06

to the single management object traffic.

01:08

That's because the correction layer has a limitation

01:12

that it cannot correct traffic being sent to a management port.

01:22

The default distribution mode has changed between our 80.20

01:27

spn already 0.30

01:30

sp

01:32

in our 80 dot

01:33

20 SP and earlier. The default distribution mode

01:38

is general

01:40

in our 80.30 SP.

01:42

The default distribution mode is user or network, depending on the interface,

01:52

there's a limitation regarding smart view Monitor,

01:57

smart view, monitor of a by strode deployment.

02:01

We'll get statistics

02:04

Onley from

02:06

one of the security gateway modules

02:08

and will not reflect

02:10

all of the traffic that

02:14

passing through the system.

02:17

There are a couple of network ranges that are reserved for internal use by the orchestrator

02:24

and the security. Gateway modules 192.0 dot to slash 24

02:30

is reserved for synchronization. Traffic

02:34

in 198.51 dot 101 slash 24 is reserved for chassis internal

02:43

networking messages.

02:47

Connections that pass between up link ports and management ports are not supported.

02:55

Already 0.30

02:58

SP has added some features

03:01

multi cues which

03:04

provides more efficient utilization of core excel

03:08

now

03:09

enabled by default

03:14

bsx Virtual switches

03:16

are supported,

03:17

but this requires ah, hot fix. Currently,

03:22

threat extraction is supported in our 80.30 SP.

03:27

This

03:28

requires ah, hot fix

03:31

I P v six is supported,

03:36

as are having multiple down lee connections to a security gateway module

03:43

load share traffic instead of

03:46

active standby.

03:50

I also want to point you at some

03:53

documentation and help. Resource is

03:59

so that will be next.

04:03

No pre sources for your maestro deployment.

04:09

Ah, obvious starting point is

04:12

secure knowledge.

04:15

So support center dot checkpoint dot com

04:19

and

04:21

search for

04:25

in this case, checkpoint

04:27

Maestro

04:28

and

04:30

you can make the search a little bit more specific

04:32

by including the release number are 80.20 s p, for example,

04:39

and several great results

04:42

are included.

04:45

Specifically

04:46

this product page

04:50

looting

04:53

leaks to download

04:55

the are 80.20 s p i S o image

05:00

appliances.

05:03

The port mapping

05:05

orchestrators graphic

05:08

which I've used in this training

05:18

administration guides.

05:21

So administrating Guyana, administrating

05:25

that

05:26

guy in a maestro environment. Administrating maestro,

05:30

maestro performance tuning bsx

05:33

Also very handy is a maestro frequently asked questions document

05:40

and

05:42

the

05:43

Checkpoint Maestro known limitations document.

05:49

Another great source of help

05:54

with maestro is the Czech mates

05:57

Maestro section

05:59

So you can go toe

06:01

community dot checkpoint dot com

06:04

and under products

06:08

the products drop down menu Select Maestro

06:13

your network.

06:15

There is a lot of good information that is provided by checkpoint employees

06:20

as well as checkpoint partners

06:24

and users.

06:25

You are sharing their knowledge and experience

06:28

in some cases, their scripts.

06:34

So that concludes my

06:38

errata and additions.