PDA

View Full Version : Installing both Gateway and mgmt server on same platform



gajendra229
2016-09-03, 09:05
Advantages & Disadvantage of installing both Gateway and mgmt server on same platform

Christoph
2016-09-03, 12:19
Advantages & Disadvantage of installing both Gateway and mgmt server on same platform
Imho if the need arises to go from a standalone to a distributed environment you wish you would have gone distributed in the first place.
Then if you have problems with the management you're at the same time have to work on the production firewall.
Performance issues with smaller deployments come to mind.
It makes everything more complicated for the costs of a (few) virtual machines.
I see no advantages in a standalone deployment.

RayPesek
2016-09-03, 22:26
Absolutely agreed. It takes a lot more horsepower to run both on the same box and performance when installing policies is noticeably slower. You also can run the gateway without a management server so if you have an issue when upgrading the SmartCenter, you're dead when both are on the same box. When the SmartCenter is on a separate box you can upgrade it without worrying if you're going to screw up the firewall itself. It's far less riskier to separate them for a number of reasons.

mcnallym
2016-09-06, 03:10
Imho if the need arises to go from a standalone to a distributed environment you wish you would have gone distributed in the first place.
Then if you have problems with the management you're at the same time have to work on the production firewall.
Performance issues with smaller deployments come to mind.
It makes everything more complicated for the costs of a (few) virtual machines.
I see no advantages in a standalone deployment.

There is 1. Price. When you buy an Appliance then contains the Management and Gateway License. If you deploy the Management Seperately then requires purchase separate Management License.
If doing a HA System and single Cluster then you can deploy Full Cluster with Management and Gateway on the Check Point Cluster ( assuming buying Appliances ).

You can alleviate some of the perform hit by making the 1 System Active for the Gateway and 1 System Active for the Mgmt parts.

However the issues that can have with upgrades being more complicated etc outway that Price advantage IMHO.

I always recommend Distributed with separate Management Server.

gajendra229
2016-09-06, 03:19
Thanks for the answer guys............Appreciate your quick help.