|
|
|
This section describes how to define and configure a Virtual Router. As with physical routers, each Virtual Router maintains a routing table containing entries that describe known networks and directions on how to reach them.
You can define Virtual Routers for both external and internal communications. A Virtual Router that connects to external networks, including a DMZ and the Internet, are referred to as an external Virtual Router. A Virtual Router that connects to internal, protected networks is known as an internal Virtual Router.
An external Virtual Router functions as the external gateway for Virtual Systems, allowing them to share a single secure physical interface leading to external networks and the Internet.
In this scenario, VSX creates Warp interfaces between the Virtual Systems and both Virtual Routers. Note that the external Virtual System interfaces are defined as unnumbered interfaces.
An internal Virtual Router typically connects with one interface leading to internal networks through a switch with additional Warp Links leading to other Virtual Systems located in the VSX Gateway.
After you create a new Virtual Router, add new interfaces to the Virtual Systems to connect to the Virtual Router.
Included Topics |
Use the Virtual Router Wizard to create a new Virtual Router. You can modify the initial definition and configure advanced options after you complete the wizard.
On interfaces and routes, you can select the Propagate route to adjacent Virtual Devices option to broadcast the IP address to neighboring Virtual Devices. This option enables connectivity with these Virtual Devices.
To create a Virtual Router:
If you are using Multi-Domain Security Management, open SmartDashboard from the Domain Management Server in which you are creating the Virtual System.
The General Properties page of the Virtual Router Wizard opens.
The Add Interface window opens.
The Route Configuration window opens.
Once you create a Virtual Router using the wizard, you can modify the topology and other properties using the Check Point Virtual Router window. This window also allows you to configure many advanced features and options that are not available in the wizard.
To work with a Virtual Router definition, double-click the Virtual Router object in the Object tree. The Check Point Virtual Router window opens, displaying the General Properties page.
The General Properties page enables you change the Virtual Router IP address as well as to add comments and change the icon color as displayed in SmartDashboard.
The Virtual Router Network Configuration page defines the network topology for the Virtual Router. For an external interface, you define one or more shared external interfaces and a default gateway.
Topology is defined by these properties:
To add an interface, click New. The Interface Properties window opens. Select an interface from the list and define the IP address, net mask and other properties.
You cannot delete a Virtual Router if it is still connected to a Virtual System. Remove all Virtual Router connections before deleting.
To delete a Virtual Router, right-click the appropriate Virtual Router object on the Object Tree and select Delete. Click Yes in the confirmation box.
