VSX Provisioning
The procedures for provisioning and configuring VSX Gateways, clusters and Virtual Devices using the Multi-Domain Server model are essentially the same as described for the Security Gateway management model. The most important difference is that you must first create and configure each Domain and its associated Domain Management Server objects using the SmartConsole connected to a Multi-Domain Server.
Each Domain Management Server is the functional equivalent of one VSX Gateway. You connect to each Domain Management Server with SmartConsole to work with network objects, security policies and other objects for that VSX Gateway.
This is the basic workflow for provisioning a VSX environment in a Multi-Domain Server deployment:
- Define and configure the Multi-Domain Server and Multi-Domain Log Server as applicable for your deployment.
- Create and configure a Domain and Domain Management Server for each VSX Gateway and/or VSX Cluster.
- With SmartConsole, connect to the Domain Management Server to create the new VSX Gateway and/or VSX Cluster objects (see "Creating a New VSX Gateway").
  Configure the default security policy for these objects as necessary.
- Define individual Domains and Domain Management Servers as required for your deployment.
- Create a new Virtual System and other Virtual Devices for each Domain in the SmartConsole connected to that Domain (see "Creating a New Virtual System").
Defining Multi-Domain Servers
This section briefly presents the procedures for installing and deploying Multi-Domain Server machines in a VSX / Multi-Domain Security Management environment. See the R80.20 Multi-Domain Security Management Administration Guide for conceptual information and detailed procedures for configuring Multi-Domain Servers and Domain Management Servers.
When working with Management High Availability, define at least two Multi-Domain Server machines. You can also use multiple Multi-Domain Server machines to efficiently distribute management traffic (management Load Sharing) with more than one Domain Management Server for each Domain. For a Load Sharing deployment, define a Domain Management Server for each Multi-Domain Server.