|
|
In This Section: |
VSX (Virtual System Extension) is a security and VPN solution for large-scale environments based on the proven security of Check Point Security Gateway. VSX provides comprehensive protection for multiple networks or VLANs within complex infrastructures. It securely connects them to shared resources such as the Internet and/or a DMZ, and allows them to safely interact with each other. VSX is supported by IPS™ Services, which provide up-to-date preemptive security.
VSX incorporates the same patented Stateful Inspection and Software Blades technology used in the Check Point Security Gateway product line. Administrators manage VSX using a Security Management Server or a Multi-Domain Server, delivering a unified management architecture that supports enterprises and service providers.
A VSX Gateway contains a complete set of virtual devices that function as physical network components, such as Security Gateway, routers, switches, interfaces, and even network cables. Centrally managed, and incorporating key network resources internally, VSX lets businesses deploy comprehensive firewall and VPN functionality, while reducing hardware investment and improving efficiency.
VSX (Virtual System Extension) is a security and VPN solution for large-scale environments based on the proven security of Check Point Security Gateway. VSX provides comprehensive protection for multiple networks or VLANs within complex infrastructures. It securely connects them to shared resources such as the Internet and/or a DMZ, and allows them to safely interact with each other. VSX is supported by IPS™ Services, which provide up-to-date preemptive security.
VSX incorporates the same patented Stateful Inspection and Software Blades technology used in the Check Point Security Gateway product line. Administrators manage VSX using a Security Management Server or a Multi-Domain Server, delivering a unified management architecture that supports enterprises and service providers.
A VSX Gateway contains a complete set of virtual devices that function as physical network components, such as Security Gateway, routers, switches, interfaces, and even network cables. Centrally managed, and incorporating key network resources internally, VSX lets businesses deploy comprehensive firewall and VPN functionality, while reducing hardware investment and improving efficiency.
Term |
Definition |
|---|---|
VSX |
Virtual System Extension - Check Point virtual networking solution, hosted on a single computer or cluster containing virtual abstractions of Check Point Security Gateways and other network devices. These virtual devices provide the same functionality as their physical counterparts. |
VSX Gateway |
Physical server that hosts VSX virtual networks, including all virtual devices that provide the functionality of physical network devices. |
Management Server |
The Security Management Server or a Multi-Domain Security Management used by administrators to manage the VSX virtual network and its security policies. |
virtual device |
Generic term for any VSX virtual network component. |
Virtual System |
A virtual device that provides the functionality of a physical Security Gateway with all supported Software Blades. |
Virtual System in the Bridge Mode |
A Virtual System that implements native layer-2 bridging instead of IP routing, thereby enabling deployment of Virtual Systems in an existing topology without reconfiguring the IP routing scheme. |
Virtual Switch |
A virtual device that provides the functionality of a physical switch in a VSX deployment. |
Virtual Router |
A virtual device that provides the functionality of a physical router in a VSX deployment. |
Warp Link (wrp) |
A virtual interface that is created automatically in a VSX topology. |
Each Virtual System works as a Security Gateway, typically protecting a specified network. When packets arrive at the VSX Gateway, it sends traffic to the Virtual System protecting the destination network. The Virtual System inspects all traffic and allows or rejects it according to rules defined in the security policy.
In order to better understand how virtual networks work, it is important to compare physical network environments with their virtual (VSX) counterparts. While physical networks consist of many hardware components, VSX virtual networks reside on a single configurable VSX Gateway or cluster that defines and protects multiple independent networks, together with their virtual components.
The figure below shows a typical deployment with four physical Security Gateways, each protecting a separate network. Each Security Gateway is a separate, physical machine that is hard-wired to the perimeter router and its corresponding network.
The example shows how a single VSX Gateway with four Virtual Systems protects all four networks.
Each Virtual System in a VSX environment works as an individual Security Gateway, providing the same security and networking functionality as a physical gateway. This example also shows:
You can use the SmartDashboard toolbar to do these actions:
Icon |
Description |
|---|---|
Open the SmartDashboard menu. When instructed to select menu options, click this button to show the menu. For example, if you are instructed to select Manage > Users and Administrators, click this button to open the Manage menu and then select the Users and Administrators option. |
|
|
Save current policy and all system objects. |
|
Open a policy package, which is a collection of Policies saved together with the same name. |
|
Refresh policy from the Security Management Server. |
|
Open the Database Revision Control window. |
|
Change global properties. |
Verify Rule Base consistency. |
|
Install the policy on Security Gateways or VSX Gateways. |
|
Open SmartConsole. |
