Check Point Maestro Hyperscale Orchestrator 140
Maestro Hyperscale Network Security

Overview:

Check Point Maestro introduces to the industry a new way to utilize current hardware investment and maximize appliance capacity in an easy-to-manage Hyperscale network security solution. With Maestro, organizations can simplify their workflow orchestration and scale up their existing Check Point security gateways on demand — the same way as they can spin up new servers and compute resources in public clouds.

Maestro orchestration enables expansion from a single Check Point gateway orchestration to the capacity and performance of 52 gateways in minutes, giving companies elastic flexibility and enabling massive Terabit/second firewall throughput.

Check Point Maestro brings scale, agility and elasticity of the cloud on premise with efficient N+1 clustering based on Check Point HyperSync technology, maximizing the capabilities of your existing security gateways. Create your own virtualized private-cloud premise by stacking multiple Check Point security gateways together. Group them by security feature set, policy or the assets they protect and further virtualize them with virtual systems technology. With the Maestro Hyperscale Orchestrator, businesses of all sizes can have cloud-level security on premise. Add compute to meet your needs using Maestro Web UI or RESTful APIs – all while minimizing the risk of downtime and maximizing your cost efficiency.

Scalability Has Never Been So Easy

Scale, as the business grows beyond any product in the industry with the Maestro Hyperscale Orchestrator

Maestro Scalable Threat Prevention Throughput

TRIPLE the Performance by Load Sharing with True LINEAR SCALE

Features:

Linear Scalability for Any Appliance

On demand expansion applicable to gateways of all sizes. Start large, become gaint.

Hyperscale Security System

With Maestro, you can start with two gateways and then can grow to up to 52 gateways. For example, when you start with 35.2 Gbps using two 16600HS gateways you can finish with an 850 Gbps security solution that supports over 500 million concurrent connections. Simply by using Check Point Maestro.

Hyperscale Orchestrator Connections

When a Security Group is created, an IP address is created for a Single Management Object connection to the security management server. Easily create and assign IP addresses to the internal and external network interfaces. These uplinks are the visible components of the Maestro security solution.

Fully Operational within Minutes

When we add a gateway to the system, it gets all the configurations, the policy, even the software version, updated and aligned with the existing deployment, ready to go within 6 minutes.

Maestro Traffic Distribution

HyperSync tracks the Active/Standby/Backup state of group members. Sync traffic is limited to only the Active and Standby members handling the connection.

Cost-Efficient N+1 Deployments

Now businesses of all sizes can enjoy cloud-level resiliency and telco-grade technology using the efficient Maestro N+1 clustering design.

Management:

Security Groups

With Maestro, you can dynamically allocate or deallocate compute resources within and between Security Groups to meet your needs. Security Groups are logical groups of appliances providing active/active cluster functionally segregated from other Security Groups. Each Security Group has dedicated internal and external interfaces and may have a different configuration set and policy, e.g. Next Generation Firewall protecting a data center or Next Generation Threat Prevention providing perimeter protection.

Single Management Object (SMO)

Externally a Security Group is seen as one security gateway or VSX gateway object in the Check Point security management GUI client, SmartConsole. A single IP address per Security Group for management communications and policy install simplifies Security Group management. All configurations, e.g. interfaces or IP addresses and routes are mirrored on gateways in the Security Group. Prior to becoming an online member and actively handling traffic each new member of the Security Group synchronizes its image, software configuration and security policy with the SMO of the Security Group.

Security Software

Maestro members run R80 SP, the latest version of the field-tested and proven software that was first introduced in 2012 on our Check Point chassis security systems and now integrated into our R80 main train release. The security feature set includes Next Generation Threat Prevention (NGTP) to protect you from known threats and SandBlast Zero-day Threat Protection to protect you from the unknown and zero-day threats. All Check Point Quantum security appliances in the Maestro solution include zeroday threat prevention for one year.

With R80 SP, you can monitor and manage the Maestro security fabric with a web browser connection to the management interface of the Maestro Orchestrator. Easily see the state of the gateways and the overall performance of your Security Group members. Do advanced configuration such as setting up network bonds, image management and system optimization.

Maestro web browser User Interface (UI)

Specifications:

Maestro Hyperscale Security Orchestrator 140 Simple Connection Example

The Hyperscale Orchestrator 140 is a mid-range model with 48x 10GbE and 8x 100 GbE ports with a total fabric capacity of 2 to 4 Tbps. The Hyperscale Orchestrator 170 is a high-end model with 32x 100 GbE ports and a total fabric capacity of 3.2 to 6.4 Tbps.

For redundancy, deploy two Orchestrators of the same model together. Security Group members connect to the Orchestrator via Direct Attached Copper (DAC) cables, either 10, 40 or 100 GbE depending upon the gateway and Orchestrator models deployed. The Orchestrator’s 300-nanosecond port-to-port latency deliver predictable wire speed performance with no packet loss for any packet size.

* Factory certificate

Documentation:

Download the Check Point Maestro Hyperscale Orchestrator Datasheet (PDF).