Professional Documents
Culture Documents
• Chassis:
̶ Housing for mounting SGMs
• SGM (Security Gateway Module):
̶ Line card host running Gaia operating system
• SG (Security Group):
̶ A group of SGMs that acts as a single Gateway
• SSM (Security Switch Module):
̶ Front switches which load balance traffic among SGMs
• Shared hardware
̶ Different systems (Security Groups) shares the same hardware components
(Chassis, SSMs, CMMs)
• Up to 12 Security Groups
• Dual Chassis for extra
redundancy
Chassis 1 Chassis 2
11 22 33 44 55 66 77 77 77 88 88 88
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
©2018 Check Point Software Technologies Ltd. 5
Dual Chassis, even more
• Up to 12 Security Groups
• Dual Chassis for extra
redundancy Chassis 1 Chassis 2
• Security Group redundancy
1 2 3 4 5 6 7 7 7 8 8 8 1 2 3 4 5 6 7 7 7 8 8 8
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Down
Down
Down
©2018 Check Point Software Technologies Ltd. 6
Dual Chassis, even more
• Up to 12 Security Groups
• Dual Chassis for extra
redundancy Chassis 1 Chassis 2
• Security Group redundancy
• All SGs have visibility to the 1 2 3 4 5 6 7 7 7 8 8 8 1 2 3 4 5 6 7 7 7 8 8 8
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Standby
Active
Active
Active
• In case of chassis hardware
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Active
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down
failure, each Security Group
acts accordingly
First,
Let’s
Change we must
delete
SGM
Let’s start remove
Security
with1_2 the
Group
state to
removing
SGMs from
SGM 1
Downthe
1_2Security
Group
Now we
RIPcan delete the
– Security Group 1
Security Group
• In order to create a new Security Group, first run “setup” and go through
the wizard
• After completing the setup, the Security Group is ready to be
authenticated with the Management server
• Adding/removing SGMs from the Security Group is via “asg
security_group” util
• Deleting a Security Group is via “asg security_group” util
fail-over
Active
Down Standb
Active
• SG 2 is not y
affected
SSM:
SG1 SSH:
Let’s take over interface
eth1-01
Other
Now tointerface
Security
Security GroupsGroup
are 1not
eth1-01 SG 1 SG 2
allowed to take
belongs eth1-01
to SG 1 SGW VSX
SG 2 SmartDashboard
Let’s Try to add eth1-01 to
Push configuration failed with the
SG we’ll
Now 2 VSX
following object
error:
try to take a free interface SG 1 SG 2
(eth1-02)
Action is not permitted: eth1-01 belongs to a different SGW VSX
Security Group (ID: 1)
SG 2 SSH
Lastly, let’s try to take over
eth1-02 in SG1 SG 1 SG 2
SGW VSX