VSX Architecture and Concepts
The VSX Gateway
A VSX Gateway is a physical machine that hosts virtual networks of Virtual Devices, with the functionality of their physical network counterparts, such as Security Gateways, routers and switches. It holds at least one Virtual System, which is called VS0.
VSX (Virtual System Extension) is the Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
A VSX Gateway handles these tasks:
- Communicates with the Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server) to deploy, configure, and manage all Virtual Devices.
- Manages state synchronization for High Availability and for Load Sharing in cluster deployments. A cluster is two or more Security Gateways that work together in a redundant configuration: High Availability, or Load Sharing.
Management Server Connections
A Management Server (Security Management Server or Multi-Domain Server) connects to the VSX Gateway and provides provisioning and configuration services for Virtual Devices located on the VSX Gateway.
A Security Management Server is a dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.
A Multi-Domain Server is a dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.
You can connect the Management Server to the VSX Gateway using one of the following scenarios.
- Local Connection: The Management Server connects directly to the VSX Gateway using a dedicated management interface.
- Remote Connection: The Management Server connects remotely from an external or internal network by means of a router connected to a management interface. This method ensures segregation of management traffic from all other traffic.
Local Management Connection
When using a local Management Server (Security Management Server or Multi-Domain Server), all management traffic is handled by a Dedicated Management Interface (DMI) that connects the Management Server with the VSX Gateway. A DMI is a separate physical interface on the VSX Gateway or VSX Cluster Members, through which the Check Point Security Management Server or Multi-Domain Server connects directly to the VSX Gateway or VSX Cluster Members. The DMI is restricted to management traffic, such as provisioning, logging and monitoring. The dedicated management interface IP address can be either private or public.
| Item | Description | Item | Description |
|------|-------------|------|-------------|
| 1 | Network 1 | 6 | VSX Gateway |
| 2 | Network 2 | 7 | Router |
| 3 | Network 3 | 8 | Internet |
| 4 | Network 4 | 9 | Management Server |
| 5 | Switch | 10 | |