VSX Cluster in Bridge Mode

For more information, see the R80.40 Installation and Upgrade Guide > Chapter Special Scenarios for Security Gateways > Section Deploying a Security Gateway or a ClusterXL in Bridge Mode.

Enabling Active/Standby Bridge Mode on a New VSX Cluster

  1. During the GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. First Time Configuration Wizard of each VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster MemberClosed Security Gateway that is part of a cluster., on the Products page, select ClusterXL.

  2. After the First Time Configuration Wizard is complete and reboot:

  3. Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Main Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that manages this VSX Cluster.

  4. From the left navigation panel, click Gateways & Servers.

  5. Double-click the VSX Cluster object.

    The VSX Cluster Properties window opens.

  6. From the left tree, click Other > VSX Bridge Configuration.

  7. Select Check Point ClusterXL.

    The Active/Standby Bridge Mode loop detection algorithms in ClusterXL are enabled.

  8. Click OK.

  9. Install the VSX Policy on the VSX Cluster object.

    The name of this policy is:

    <Name of VSX Cluster Object>_VSX

Enabling Active/Standby Bridge Mode on an Existing VSX Cluster

  1. Connect with SmartConsole to the Security Management Server or Main Domain Management Server that manages the VSX Cluster.

  2. From the left navigation panel, click Gateways & Servers.

  3. Double-click the VSX Cluster object.

    The VSX Cluster Properties window opens.

  4. From the left tree, click Other > VSX Bridge Configuration.

  5. Select Check Point ClusterXL.

    The Active/Standby Bridge Mode loop detection algorithms in ClusterXL are enabled.

  6. Click OK.

  7. Install the VSX Policy on the VSX Cluster object.

    The name of this policy is:

    <Name of VSX Cluster Object>_VSX

  8. On each VSX Cluster Member:

    1. Connect to the command line.

    2. Log in to the Expert mode.

    3. Run:

      cpconfig

    4. Select Enable ClusterXL for Bridge Active/Standby.

    5. Exit from the cpconfig menu.

    6. Reboot.

Enabling Active/Active Bridge Mode on an Existing VSX Cluster

  1. Connect with SmartConsole to the Security Management Server or Main Domain Management Server that manages the VSX Cluster.

  2. From the left navigation panel, click Gateways & Servers.

  3. Double-click the VSX Cluster object.

    The VSX Cluster Properties window opens.

  4. From the left tree, click Other > VSX Bridge Configuration.

  5. Select Standard Layer 2 Loop Detection Protocols.

  6. Click OK.

  7. Install the VSX Policy on the VSX Cluster object.

    The name of this policy is:

    <Name of VSX Cluster Object>_VSX

  8. On each VSX Cluster Member:

    1. Connect to the command line.

    2. Log in to the Expert mode.

    3. Run:

      cpconfig

    4. Select Disable ClusterXL for Bridge Active/Standby.

    5. Exit from the cpconfig menu.

    6. Reboot.