Internal Host Cannot Ping Virtual System

Possible Causes

How to Resolve

A policy allowing the communication was not installed on the Virtual System. Note that after creating a Virtual System, it has a Default Policy that blocks all traffic.

Install a policy on the Virtual System that enables the traffic. Check with the Logs & Monitor view that the Virtual System is allowing the traffic.

There is the VLAN configuration problem on a switch, or physical cable problem.

Check the switch configuration. Make sure that VLAN tag configured on the switch is the same as used for the Virtual System VLAN interface.

Check the cables, and make sure that you have plugged the cable from the switch to the correct port on the VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. / VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members.

Incorrect routing on adjacent routers or hosts.

Check the routing tables on intermediate routers and hosts. You can use tcpdump command on the relevant VLAN interface on the VSX Gateway / VSX Cluster Members to make sure that the traffic arrives to and leaves the VSX Gateway / VSX Cluster Members.

Incorrect IP address or net mask defined on the Virtual System VLAN interface.

Check the IP address and the net mask assigned to the Virtual System internal VLAN interface.