A Multi Domain Management environment, including all features and functionalities, can now be deployed on AWS with the limitations listed below.
You can read more on Multi Domain here:
- Multi Domain Management Server IPs must be private static. (not AWS Elastic IPs).
- The user must ensure connectivity between all Check Point objects across the Multi Domain environment, for example:
  - Multi Domain Servers and Multi Domain Log Servers.
  - Domain Management Servers and Domain Log Servers.
  - Security Gateways and more.
  All of the above must be installed in the same VPC, or be connected over VPN, VPC Peering, AWS Direct Connect, etc.
  Lack of connectivity between the different objects might result in functional issues and failures.
- For on-premises objects and Windows machines (for SmartConsole usage), it is up to the user to establish connectivity with the Multi Domain environment deployed in AWS.
- The number of Domains is limited by the number of private IPs AWS supports per network interface (this depends on the instance type/size of the server). The exact number can be found here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
- Policy Installation from the MDS Domain level is not supported.
Minimum instance size requirements
m4.4xlarge and up for R80.10, or m5.4xlarge and up for R80.20.
To deploy a Multi Domain Management Server in AWS, select and subscribe to the following licensing options:
CloudGuard IaaS Multi Domain Management BYOL
To purchase BYOL (bring your own licenses), contact your local Check Point Partner.
Use the following CloudFormation template to deploy the Multi-Domain Management Server:
Or directly launch the template from the Cloud Formation portal by clicking here:
Note: The above links are for versions R80.40 and above. For previous versions, refer to sk111013.
Note: When the management instance is started, it will automatically execute its own First Time Configuration Wizard. It can take up to 45 minutes for this step to complete.
To check the Management Server's readiness, log in to the Expert mode and run the following command:
When the Multi-Domain Management Server is ready, the output of the command shows that all processes are up.
Note: The Automatic Provisioning Service is enabled only on the Primary Multi-Domain Server.
See also sk130372 - Security Management Server with CloudGuard for AWS
To add a secondary IP:
1. Right-click on the MDS EC2 instance on the AWS console.
2. Go to Networking -> Manage IP Addresses.
3. Add a private IP from your subnet.
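A preflight check for step 3, added here as an example and not part of this SK article: it validates a candidate Domain Management Server address against the constraints stated above (private static, not a public/Elastic IP, inside the ENI's subnet, not one of the addresses AWS reserves in every subnet, not already assigned, and within the per-ENI private IPv4 limit). The limit value and all sample addresses below are constructed; take the real limit for your instance type from the AWS link above.

```python
import ipaddress

# AWS reserves the first four addresses and the last (broadcast) address of
# every VPC subnet; assigning one of them as a secondary IP fails.
AWS_RESERVED_HEAD = 4


def preflight_domain_ip(candidate, subnet_cidr, assigned_ips, ips_per_eni):
    """Return (ok, reason) for adding `candidate` as a secondary private IP
    on the MDS network interface whose subnet is `subnet_cidr`.

    assigned_ips: private IPv4 addresses already on the ENI (the MDS primary
                  IP plus any existing Domain Management Server IPs).
    ips_per_eni:  private IPv4 addresses AWS allows on this ENI (assumed
                  parameter; look it up for your instance type).
    """
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    ip = ipaddress.ip_address(candidate)

    # MDS IPs must be private static addresses, never public/Elastic IPs.
    if ip.is_global:
        return False, f"{ip} is a public address; MDS IPs must be private"
    if ip not in net:
        return False, f"{ip} is outside the ENI subnet {net}"

    reserved = {net.network_address + i for i in range(AWS_RESERVED_HEAD)}
    reserved.add(net.broadcast_address)
    if ip in reserved:
        return False, f"{ip} is reserved by AWS in subnet {net}"

    assigned = {ipaddress.ip_address(a) for a in assigned_ips}
    if ip in assigned:
        return False, f"{ip} is already assigned on this ENI"

    # Each Domain consumes one private IP; the per-ENI limit caps the count.
    if len(assigned) + 1 > ips_per_eni:
        return False, f"ENI limit of {ips_per_eni} private IPv4 addresses reached"
    remaining = ips_per_eni - len(assigned) - 1
    return True, f"ok; {remaining} address(es) left for further Domains"


if __name__ == "__main__":
    # Constructed sample: MDS primary IP 10.0.1.10 in 10.0.1.0/24, limit 30.
    print(preflight_domain_ip("10.0.1.25", "10.0.1.0/24", ["10.0.1.10"], 30))
    print(preflight_domain_ip("10.0.1.2", "10.0.1.0/24", ["10.0.1.10"], 30))
```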
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.