Configuring a VSX Gateway

The 61000 Security System can work as a Security Gateway or as a VSX Gateway.

This procedure shows how to configure a VSX Gateway in SmartDashboard.

Before creating the VSX Gateway

It is important to know how VSX works, and understand the VSX architecture and concepts. It is also important to understand how to deploy and configure your security environment using VSX Virtual Devices:

• Virtual System
• Virtual System in Bridge Mode
• Virtual Switch

To learn about how VSX works, architecture, concepts and Virtual Devices, see the R76 VSX Administration Guide.

The VSX Gateway Wizard

The VSX Gateway in this example has one Virtual System (VS0) and one dedicated management interface.

After you complete the VSX Gateway Wizard, you can change the VSX Gateway definition from SmartDashboard. For example, you can add Virtual Systems, add or delete interfaces, or configure existing interfaces to support VLANs.

Note - Do not enable IPv6 before you create and configure a new VSX Gateway. This can cause system instability. You must first create the new VSX Gateway and then enable and configure IPv6 using gclish. There can be some variations in the Creation Wizard steps due to release updates. In these cases, do the instructions on the screen.

To start the VSX Gateway wizard:

1. Open SmartDashboard.

   If you are using Multi-Domain Security Management, open SmartDashboard from the Domain Management Server of the VSX Gateway.

2. From the Network Objects tree, right-click Check Point and select VSX > Gateway.

   The General Properties page of the VSX Gateway Wizard opens.

Related Topics Wizard Step 1: Defining VSX Gateway General Properties Wizard Step 2: Selecting Virtual Systems Creation Templates Wizard Step 3: Establishing SIC Trust Wizard Step 4: Defining Physical Interfaces Virtual Network Device Configuration Wizard Step 6: VSX Gateway Management Completing the VSX Wizard Confirming the VSX Gateway Software Configuration

Wizard Step 1: Defining VSX Gateway General Properties

Configure these parameters on the General Properties page:

• VSX Gateway Name: Unique, alphanumeric name for the VSX Gateway. The name cannot contain spaces or special characters except the underscore.
• VSX Gateway IPv4 Address: Management interface IPv4 address.
• VSX Gateway IPv6 Address: Management interface IPv6 address.
• VSX Gateway Version: Select the VSX version installed on the VSX Gateway from the drop-down list.

Wizard Step 2: Selecting Virtual Systems Creation Templates

The Creation Templates page lets you configure predefined, default topology and routing definitions for Virtual Systems. This makes sure that Virtual Systems are consistent and makes the definition process faster. You always have the option to override the default creation template when you create or change a Virtual System.

The Creation Templates are:

• Shared Interface - Not supported for the Scalable Platform.
• Separate Interfaces: Virtual Systems use their own separate internal and external interfaces. This template creates a Dedicated Management Interface (DMI) by default.
• Custom Configuration: Define Virtual System, Virtual Switch, and Interface configurations.

For this example, choose Custom configuration.

Wizard Step 3: Establishing SIC Trust

Initialize SIC trust between the VSX Gateway and the management server. The gateway and server cannot communicate without Trust.

Initializing SIC Trust

When you create a VSX Gateway, you must enter the Activation Key that you defined in the installation wizard setup program. Enter and confirm the activation key and then click Initialize. If you enter the correct activation key, the Trust State changes to Trust established.

Wizard Step 4: Defining Physical Interfaces

In the VSX Gateway Interfaces window, define physical interfaces as VLAN trunks. The window shows the interfaces currently defined on the VSX Gateway.

To define an interface as a VLAN trunk, select VLAN Trunk for the interface.

Virtual Network Device Configuration

If you chose the Custom Configuration option, the Virtual Network Device Configuration window opens. In this window, define a Virtual Device with an interface shared with the VSX Gateway. If you do not want to define a Virtual Device at this time, click Next to continue.

To define a Virtual Device with a shared interface:

1. Select Create a Virtual Device.
2. Select the Virtual Network Device type (Virtual Router or Virtual Switch).
3. Select the shared physical interface to define a non-DMI gateway.

   Do not select the management interface if you want to define a Dedicated Management Interface (DMI) gateway. If you do not define a shared Virtual Device, a DMI gateway is created by default.

   Important - This setting cannot be changed after you complete the VSX Gateway Wizard. If you define a non-DMI gateway, you cannot change it to a DMI gateway later.

4. Define the IP address and Net Mask for a Virtual Router.

   These options are not available for a Virtual Switch.

5. Optional: Define a Default Gateway for a Virtual Router (DMI only).