Monday, December 13, 2010

Best practices for Check Point Provider-1

1. Place the MLM and MDS servers in a firewall-protected segment.
· This keeps the Provider-1 servers available and prevents them from being flooded with broadcast traffic.
2. Route traffic between the MLM, the MDS and all gateways over highly consistent network paths.
· This keeps communication between the devices smooth and reduces the load on the firewall modules. (If the CMAs are unreachable for any reason, the firewall gateways start logging to their local hardware, which may increase resource utilization on the firewall gateways.)
3. Schedule backups of the primary and backup MDS servers.
· This ensures that a suitable backup is available at all times to rebuild the servers after any server hardware failure.
4. Schedule fail-over tests between MDS servers and CMAs.
· This confirms that all the configuration is being replicated across the servers.
5. Schedule server hardware refreshes (reboots).
· This confirms that the server hardware is capable of handling any intended system reboots.
6. Schedule manual HDD space monitoring.
· This ensures that sufficient HDD space is available for the application to run smoothly.
7. Schedule backups of the MLM log files and file system.
· This ensures that logs are available for the specific period of time.
8. Back up the entire file system of the server before any OS / application patch or upgrade.
· This allows the server to be reverted quickly.
9. Schedule removal/cleaning of unused objects and unused rules from the global rulebase as well as from each CMA's rulebase.
· This keeps the Provider-1 database optimized and also improves gateway performance.
10. Share the CMA load across MDS servers.
· This makes effective use of the server hardware, which improves the response of the application.
11. Verify ICA (Internal Certificate Authority) expiry for all gateways, CMAs and the MDS.
· This keeps the Provider-1 infrastructure running smoothly.
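
One way to automate the expiry verification in item 11, as an added example that is not part of the original post: a small parser that reads a certificate listing such as the one printed by `cpca_client lscert` and reports certificates still marked Valid that expire within a warning window. The three-line record layout, the sample records and the 60-day window are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout assumed for `cpca_client lscert` output;
# subjects, serials and dates are made up for illustration.
SAMPLE = """\
Subject = CN=gw-branch1,O=cma1.example.abc123
Status = Valid   Kind = SIC   Serial = 10482   DP = 0
Not_Before: Mon Dec 14 09:12:01 2009   Not_After: Sun Dec 14 09:12:01 2014

Subject = CN=gw-dc1,O=cma1.example.abc123
Status = Valid   Kind = SIC   Serial = 20771   DP = 0
Not_Before: Tue Jan 10 11:30:45 2006   Not_After: Mon Jan 10 11:30:45 2011

Subject = CN=old-gw,O=cma1.example.abc123
Status = Revoked   Kind = SIC   Serial = 9001   DP = 0
Not_Before: Sat Jan  1 00:00:00 2005   Not_After: Fri Jan  1 00:00:00 2010
"""

# One certificate record: Subject line, Status/Kind line, validity line.
RECORD = re.compile(
    r"Subject\s*=\s*(?P<subject>.+?)\s*\n"
    r"Status\s*=\s*(?P<status>\w+)\s+Kind\s*=\s*(?P<kind>\w+).*\n"
    r"Not_Before:\s*(?P<nb>.+?)\s+Not_After:\s*(?P<na>.+?)\s*(?:\n|$)"
)

def expiring(lscert_text, now, warn_days=60):
    """Return (subject, not_after, days_left) for Valid certificates that
    expire within warn_days of `now` (or already have), soonest first."""
    findings = []
    for m in RECORD.finditer(lscert_text):
        if m["status"] != "Valid":
            continue  # revoked or otherwise retired entries are not in service
        # Collapse padded day fields ("Jan  1") before parsing; times are naive.
        stamp = " ".join(m["na"].split())
        not_after = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        days_left = (not_after - now).days
        if days_left <= warn_days:
            findings.append((m["subject"], not_after, days_left))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    # The fixed date keeps the sample reproducible; use datetime.now() in a scheduled job.
    for subject, not_after, days in expiring(SAMPLE, datetime(2010, 12, 13)):
        print(f"{subject}: expires {not_after:%Y-%m-%d} ({days} days left)")
```

Run from a scheduled job against each CMA's listing, a non-empty result is the signal to renew the certificate before gateways lose trust with their management.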
