Print Download PDF Send Feedback

Previous

Next

Simplifying Security for Private Clouds

In This Section:

Introduction to Virtual Systems (VSX)

VSX Architecture and Concepts

Configuring a VSX Cluster

To Learn More About VSX

Introduction to Virtual Systems (VSX)

VSX Overview

VSX (Virtual System Extension) is a security and VPN solution for large-scale environments. VSX provides comprehensive protection for multiple networks or VLANs within complex infrastructures. It securely connects them to shared resources such as the Internet and/or a DMZ, and allows them to safely interact with each other.

VSX incorporates the same patented Stateful Inspection and Software Blades technology used in the Check Point Security Gateway product line. Administrators manage VSX using a Security Management Server or a Multi-Domain Server, delivering a unified management architecture for enterprises and service providers. The management server can be installed on a different machine than VSX, or on the same machine.

A VSX Gateway contains a complete set of virtual devices that function as physical network components, such as Security Gateway, routers, switches, interfaces, and even network cables. Centrally managed, and incorporating key network resources internally, VSX lets businesses deploy comprehensive firewall and VPN functionality, while reducing hardware investment and improving efficiency.

How VSX Works

Each Virtual System works as a Security Gateway, typically protecting a specified network. When packets arrive at the VSX Gateway, it sends traffic to the Virtual System protecting the destination network. The Virtual System inspects all traffic and allows or rejects it according to rules defined in the security policy.

In order to better understand how virtual networks work, it is important to compare physical network environments with their virtual (VSX) counterparts. While physical networks consist of many hardware components, VSX virtual networks reside on a single configurable VSX Gateway or cluster that defines and protects multiple independent networks, together with their virtual components.

Physical Network Topology

In a typical deployment with multiple Security Gateways, each protects a separate network. Each physical Security Gateway has interfaces to the perimeter router and to the network it protects.

Item

Description

1

Internet

2

Router

3

Security Gateways

4

Network

VSX Virtual Network Topology

Deploy one VSX Gateway with four Virtual Systems to protect multiple networks.

Item

Description

1

Internet

2

Router

3

VSX Gateway. Each Virtual System in a VSX environment is a Security Gateway, with the same security and networking functionality as a physical gateway. Each handles packet traffic to and from the one network it protects.

4

Warp Links. Virtual interfaces and network cables connect the Virtual Systems and the Virtual Switch.

5

Virtual Switch. Connects all the Virtual Systems to the Internet router.

6

Networks