Preparing the VSX Gateway or each VSX Cluster Member

Item

Description

1

Select a designated physical interface for Mirror and Decrypt on the VSX GatewayClosed Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0., or each VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster MemberClosed Security Gateway that is part of a cluster..

Important - On VSX ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members, you must select an interface with the same name (for example, eth3 on each VSX Cluster Member).

2

Do not configure an IP address on this designated physical interface.

3

Configure the required Maximum Transmission Unit (MTU) on this designated physical interface.

MTU has to be the default 1500, or at least the maximal MTU value from other interfaces on the VSX Gateway, or VSX Cluster Member.

For instructions about configuring an MTU on a physical interface, see R80.40 Gaia Administration Guide - Chapter Network Management - Section Network Interfaces - Section Physical Interfaces.

4

Important - In VSX Cluster, you must configure this designated physical interface in the $FWDIR/conf/discntd.if file on each VSX Cluster Member.

  1. Connect to the command line.

  2. Log in to the Expert mode.

  3. Go to the context of the Virtual System 0:

    vsenv 0

    Output shows:

    Context is set to Virtual Device <Name of VSX Gateway> (ID 0).

  4. Create the $FWDIR/conf/discntd.if file:

    touch $FWDIR/conf/discntd.if

  5. Edit the $FWDIR/conf/discntd.if file in the Vi editor:

    vi $FWDIR/conf/discntd.if

  6. Write the name of the designated physical interface. After the interface name, you must press Enter.

    Note - Comments are not allowed in this file.

  7. Save the changes in the file and exit the Vi editor.

Note - To apply the configuration from the file and make it persistent, install an Access Control Policy on the VSX Cluster object. You install the Access Control Policy later, after the required configuration steps in the SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..