Modifying a Virtual System
Once you create a Virtual System using the wizard, you can modify the topology and other properties using the window.
To modify a Virtual System:
From the tree, double-click the Virtual System object. The window opens.
Virtual System - General Properties
The General Properties page lets you specify the main IP address and enable various Check Point products for a Virtual System.
Virtual System - Topology
The Topology page contains definitions for Virtual System interfaces, routes and Warp Links. Based on these interface settings, VSX automatically creates routes to Virtual Devices and the VSX Gateway.
Note - If you modify the topology for a specific Virtual System in a cluster environment, the cluster topology is not updated until you install a policy on that Virtual System.
- Interfaces: The Interfaces table defines interfaces and links to devices. You can add new interfaces as well as delete and modify existing interfaces.
To add an interface, click New and select one of these options:
The window opens. Select the interface from the list and define the appropriate properties. The Modifying an Interface Definition section and the online help provide explanations of the various properties and options.
Click > to copy the table in CSV format.
- Routes: To add a default route to the Routes table, click Add Default Routes and either enter an IP address or select a Virtual Router. The Route Configuration window opens. Click Help for details regarding the various properties and options. You can also add, change and remove routes.
- Calculate topology automatically based on routing information: Enable this option to allow VSX to automatically calculate the network topology based on interface and routing definitions (enabled by default). VSX creates automatic links, or connectivity cloud objects linked to existing internal or external networks.
- When this option is enabled, you cannot configure the topology using the Topology tab in the Interface Properties window. These options are unavailable on the tab.
- This option is not available in the Bridge Mode.
- When employing dynamic routing, it is recommended to disable this option.
- VPN Domain: The VPN Domain defines the set of hosts located behind a given Virtual System that communicate via a VPN tunnel with peer Virtual Systems. These options are only available if you selected VPN in the Check Point Products section on the General Properties page.
When including a Virtual Device as part of a VPN connection, you must specify a VPN Domain. The domain definition specifies Virtual System interfaces that are included in the VPN. You can define a VPN Domain in one of two ways by enabling the appropriate option:
- All IP Addresses behind gateway based on topology information: Includes all hosts not located behind an external gateway cluster interface.
- Manually Defined: Includes all hosts in the selected network or group.
Virtual System - NAT > Advanced
The > page lets you configure NAT rules for packets originating from a Virtual System.
To enable and configure NAT for a Virtual System:
- Select .
- Select a translation method:
- : Hide NAT only allows connections originating from the internal network. Internal hosts can access internal destinations, the Internet and other external networks. External sources cannot initiate a connection to internal network addresses.
- : Static NAT translates each private address to a corresponding public address.
- If you select , select one of these options:
- hides the real IP address behind the Virtual System external interface IP address,
or
- hides the real address behind a virtual IP address, which is a routable, public IP address that does not belong to any real machine.
- If you selected , enter the static IP address in the appropriate field.
- Select the VSX Gateway from the list.
Deleting a Virtual System
To delete a Virtual System, right-click the appropriate Virtual System object on the Object Tree and select Delete. Click Yes in the confirmation box.