|
|
|
When using a remote Management Server (Security Management Server or Multi-Domain Server), management traffic travels via an internal or external network to a VSX Gateway to the management interface. This architecture segregates management traffic from all other traffic passing through the VSX Gateway.
Check Point recommends that remote management connections use a dedicated management interface (DMI) that connects directly to a router or switch that leads to the external network or the Internet.
Item |
Description |
|
Item |
Description |
|---|---|---|---|---|
1 |
SmartConsole |
|
9 |
Virtual Switch |
2 |
Management Server |
|
10 |
Warp Link |
3 |
Management traffic |
|
11 |
Virtual System 1 |
4 |
Internet |
|
12 |
Virtual System 2 |
5 |
Router |
|
13 |
Switch |
6 |
Dedicated management interface (eth0) |
|
14 |
Network 1 |
7 |
External interface |
|
15 |
Network 2 |
8 |
VSX Gateway |
|
|
|
You can choose to use a non-dedicated management interface by connecting a Virtual Router or Virtual Switch to the management interface.
When management traffic passes through a Virtual Router or Virtual Switch, you must ensure that the associated Warp Link IP address originates from the remote network. Furthermore, if the remote management connection arrives via the Internet, you must assign a routable, public IP address.
