Checkpoint 156-836 Practice Test - Questions Answers, Page 2

Security groups are used to simplify management and policy enforcement across multiple devices or network segments, often offering redundancy and load balancing features

The Orchestrator is a Maestro component that manages the compute and network resources of the Security Group Modules (SGMs) in a Security Group. It also acts as a load balancer and a network switch, distributing traffic among the SGMs and connecting them to the customer's network infrastructure.

* Maestro Expert (CCME) Course - Check Point Software, page 41

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

The Correction Layer is a Maestro component that ensures that packets from the same connection are handled by the same Security Group Module (SGM) in a multi-appliance system. This is especially important when NAT is involved, as packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The Correction Layer must then forward the packet to the correct SGM.

* NAT and the Correction Layer on a Security Gateway - Check Point Software1

* Solved: Maestro queries - Check Point CheckMates

The Correction Layer mechanism is a Maestro component that ensures that packets from the same connection are handled by the same Security Group Module (SGM) in a multi-appliance system. This is especially important when NAT or VPNs are involved, as packets sent from the client to the server can be distributed to a different SGM than packets from the same session sent from the server to the client. The Correction Layer must then forward the packet to the correct SGM.

* NAT and the Correction Layer on a VSX Gateway - Check Point Software1

* Solved: Maestro queries - Check Point CheckMates

A Security Group (SG) requires at least one management port and one uplink port to function properly. The management port is used to connect the SG to the Maestro Hyperscale Orchestrator (MHO) and the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. The uplink port is used to connect the SG to the customer's network infrastructure, such as switches, routers, or firewalls. The uplink port is also used to send and receive traffic from the customer's network to the SG.

* Maestro Expert (CCME) Course - Check Point Software, page 41

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

The maximum number of appliances within the same security group is 31. This is because a security group can have up to 31 Security Group Modules (SGMs) of the same or different models, and each SGM is an appliance that runs the Check Point software. A security group can span across multiple chassis, and each chassis can have up to 16 SGMs. However, the total number of SGMs in a security group cannot exceed 31.

* Maestro Expert (CCME) Course - Check Point Software, page 51

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline

According to the Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-175 document1, ports 1 - 4 are Management ports that are used to connect the MHO to the customer's management infrastructure, such as SmartConsole or SmartDomain Manager. Ports 5 - 26 are Uplink ports that are used to connect the MHO to the customer's network infrastructure, such as switches, routers, or firewalls. Ports 27 - 47 are Downlink ports that are used to connect the MHO to the Security Group Modules (SGMs) in the Security Group. Ports 49 - 55 are Backplane ports that are used to connect the MHO to another MHO in a Dual Orchestrator environment.

* Maestro Expert (CCME) Course - Check Point Software, page 42

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline3

* Port Mapping for the Check Point Maestro HyperScale Orchestrator MHO-1751

According to the Maestro Hyperscale Orchestrator Datasheet1, the Orchestrator MHO-140 supports the following transceiver types: SFP, SFP+, SFP28. These transceivers can be used for the management, uplink, and downlink ports of the Orchestrator. The SFP transceivers support 1 GbE, the SFP+ transceivers support 10 GbE, and the SFP28 transceivers support 25 GbE.

* Maestro Expert (CCME) Course - Check Point Software, page 42

* Check Point Certified Maestro Expert (CCME) R81.X - Global Knowledge, course outline3

* Maestro Hyperscale Orchestrator Datasheet - Check Point Software, page 2