Check Point Maestro brings scale, agility and elasticity of the cloud on premise with efficient N+1 clustering based on Check Point HyperSync technology, maximizing the capabilities of your existing security gateways.
Create your own virtualized private-cloud premise by stacking multiple Check Point security gateways together. Group them by security feature set, policy or the assets they protect and further virtualize them with virtual systems technology. With the Maestro Hyperscale Orchestrator, businesses of all sizes can have cloudlevel security on premise. Add compute to meet your needs using Maestro Web UI or RESTful APIs - all while minimizing the risk of downtime and maximizing your cost efficiency.
Security at Hyperscale
On demand expansion available to gateways of all sizes
Operational Supremacy
Opening up new simple ways to architect and manage cyber security
Cloud-Level Resiliency
Delivering the highest standard of resiliency with Telco-Grade Technology
The Hyperscale Orchestrator 140 is a mid-range model with 48x 10GbE and 8x 100 GbE ports with a total fabric capacity of 1.28 Tbps. The Hyperscale Orchestrator 175 is a high-end model with 32x 100 GbE ports and a total fabric capacity of 3.2 Tbps.
For redundancy, deploy two Orchestrators of the same model together. Security Group members connect to the Orchestrator via Direct Attached Copper (DAC) cables, either 10, 40 or 100 GbE depending upon the gateway and Orchestrator models deployed. The Orchestrator's 300-nanosecond port-to-port latency deliver predictable wire speed performance with no packet loss for any packet size.
SPOTLIGHT ON MANAGEMENT | Security Groups
With Maestro, you can dynamically allocate or deallocate compute resources within and between Security Groups to meet your needs. Security Groups are logical groups of appliances providing active/active cluster functionally segregated from other Security Groups. Each Security Group has dedicated internal and external interfaces and may have a different configuration set and policy, e.g. Next Generation Firewall protecting a data center or Next Generation Threat Prevention providing perimeter protection.
Single Management Object (SMO)
Externally a Security Group is seen as one security gateway or VSX gateway object in the Check Point security management GUI client, SmartConsole. A single IP address per Security Group for management communications and policy install simplifies Security Group management. All configurations, e.g. interfaces or IP addresses and routes are mirrored on gateways in the Security Group. Prior to becoming an online member and actively handling traffic each new member of the Security Group synchronizes its image, software configuration and security policy with the SMO of the Security Group.
Security Software
Maestro members run R80 SP, the latest version of the field-tested and proven software that was first introduced in 2012 on our Check Point chassis security systems and now integrated into our R80 main train release. The security feature set includes Next Generation Threat Prevention (NGTP) to protect you from known threats and SandBlast Zero-day Threat Protection to protect you from the unknown and zero-day threats. All Check Point Quantum security appliances in the Maestro solution include zero-day threat prevention for one year.
