Virtual Devices
This section describes virtual network components and their characteristics.
Virtual System
A Virtual System is a virtual security and routing domain that provides the functionality of a Security Gateway with full Firewall and VPN facilities. Multiple Virtual Systems can run concurrently on one VSX Gateway.
Virtual System Autonomy
Each Virtual System functions independently. Each Virtual System maintains its own Software Blades, interfaces, IP addresses, routing table, ARP table, and dynamic routing configuration. Each Virtual System also maintains its own:
- State Tables: Each Virtual System has its own kernel tables with configuration and runtime data, such as active connections and IPsec tunnel information.
- Security and VPN policies: Each Virtual System enforces its own security and VPN Policies (including INSPECT code). Policies are retrieved from the Management Server and stored separately on the local disk and in the kernel. In a Multi-Domain Server environment, each Domain database is maintained separately on the Management Server and on the VSX Gateway.
- Configuration Parameters: Each Virtual System maintains its own configuration, such as IPS settings and TCP/UDP time-outs. Different Virtual Systems can run in layer-2 or layer-3 mode and co-exist on the same VSX Gateway.
- Logging Configuration: Each Virtual System maintains its own logs and runs logging according to its own rules and configuration.