Script Examples

Note - The line numbers in the left column are not part of the scripts. They are shown only to make the examples easier to read.

Example 1

Create a Virtual System (VS) connected to a Virtual Router (VR).

Add a default route on the Virtual System that routes the traffic to the Virtual Router.

Add applicable routes on the Virtual Router to route the traffic to the Virtual System.

     1  transaction begin
     2  add vd name VR1 vsx VSX1 type vr
     3  add interface name eth3.100 ip 10.0.0.1/24
     4  transaction end

     5  transaction begin
     6  add vd name VR2 vsx VSX2 type vr
     7  add interface name eth3.200 ip 20.0.0.1/24
     8  transaction end

     9  transaction begin
    10  add vd name VS1 vsx VSX1
    11  add interface leads_to VR1 ip 192.168.1.1/32
    12  add interface name eth4.20 ip 192.168.20.1/24 propagate true
    13  add route destination default leads_to VR1
    14  add route destination 192.168.40.0/25 next_hop 192.168.20.254
    15  transaction end

Example 2

Create a Virtual System connected to a Virtual Switch (VSW), with manual topology.

     1  transaction begin
     2  add vd name VSW1 vsx VSX1 type vsw vs_mtu 1400
     3  add interface name eth3.100
     4  transaction end

     5  transaction begin
     6  add vd name VS1 vsx VSX1 calc_topo_auto false
     7  add interface leads_to VSW1 ip 10.0.0.1/24 ip6 2001::1/64 topology external
     8  add interface name eth4.20 ip 192.168.20.1/25 ip6 2020::1/64 topology internal_this_network
     9  add route destination default next_hop 10.0.0.254
    10  add route destination default6 next_hop 2001::254
    11  transaction end

Example 3

Add CoreXL Firewall instances to the Virtual System created in the previous example.

Turn on automatic calculation of topology.

Change the name of the internal interface, and decrease its MTU.

     1  transaction begin
     2  set vd name VS1 instances 4 instances6 2 calc_topo_auto true
     3  set interface name eth4.20 new_name eth4.21 mtu 1400
     4  transaction end
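A pre-flight check for scripts like the ones above, added here as an example and not part of the original page or of Check Point's tooling. It reports unbalanced `transaction begin` / `transaction end` pairs, malformed addresses, and, for a transaction that creates a new Virtual Device, any `next_hop` that is not on a subnet of an interface defined in that same transaction. It assumes only the grammar visible in the examples (`<verb> <object>` followed by key/value pairs); the names `lint`, `VS1_TXN` and `BROKEN` are hypothetical.

```python
import ipaddress

def lint(script):
    """Return (line_no, message) findings for a provisioning script (no line-number column)."""
    findings, nets, hops = [], [], []
    open_at, new_vd = None, False  # line of the open "transaction begin"; saw "add vd"
    for n, raw in enumerate(script.splitlines(), 1):
        tok = raw.split()
        if tok == ["transaction", "begin"]:
            if open_at is not None:
                findings.append((n, f"transaction opened on line {open_at} was never ended"))
            open_at, new_vd, nets, hops = n, False, [], []
        elif tok == ["transaction", "end"]:
            if open_at is None:
                findings.append((n, "transaction end without begin"))
            elif new_vd:
                # A new device's interfaces are all defined in this transaction,
                # so every next hop must sit on one of their subnets.
                for ln, hop in hops:
                    if not any(hop in net for net in nets):
                        findings.append((ln, f"next_hop {hop} is on no interface subnet"))
            open_at = None
        elif open_at is not None:
            args = dict(zip(tok[2::2], tok[3::2]))  # key/value pairs after "<verb> <object>"
            try:
                if tok[:2] == ["add", "vd"]:
                    new_vd = True
                elif tok[:2] == ["add", "interface"]:
                    nets += [ipaddress.ip_interface(args[k]).network for k in ("ip", "ip6") if k in args]
                elif tok[:2] == ["add", "route"] and "next_hop" in args:
                    hops.append((n, ipaddress.ip_address(args["next_hop"])))
            except ValueError as exc:
                findings.append((n, f"bad address: {exc}"))
    if open_at is not None:
        findings.append((open_at, "transaction begin without end"))
    return findings

# Second transaction of Example 2 from the page, without the line-number column.
VS1_TXN = """\
transaction begin
add vd name VS1 vsx VSX1 calc_topo_auto false
add interface leads_to VSW1 ip 10.0.0.1/24 ip6 2001::1/64 topology external
add interface name eth4.20 ip 192.168.20.1/25 ip6 2020::1/64 topology internal_this_network
add route destination default next_hop 10.0.0.254
add route destination default6 next_hop 2001::254
transaction end
"""
# Constructed faulty variant: the IPv4 default route points off-subnet.
BROKEN = VS1_TXN.replace("next_hop 10.0.0.254", "next_hop 10.0.1.254")
```

`lint(VS1_TXN)` returns an empty list, while `lint(BROKEN)` flags line 5. Routes that use `leads_to` instead of `next_hop`, as in Example 1, are not checked.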