Adding a VSX Cluster

Description

This command adds a new VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object.

Syntax

add vsx type cluster name <Name of VSX Cluster Object> version <Version> main_ip <Main Virtual IPv4 Address> main_ip6 <Main Virtual IPv6 Address> cluster_type {vsls | ha | crbm} sync_if_name <Name of Sync Interface> sync_netmask <Sync Interface Netmask> [rule_snmp {enable | disable}] [rule_ssh {enable | disable}] [rule_ping {enable | disable} [rule_ping6 {enable | disable}] [rule_https {enable | disable}] [rule_drop {enable | disable}]

Important - You must run the "add vsx_member" command for each VSX Cluster MemberClosed Security Gateway that is part of a cluster. in the same transaction as the "add vsx type cluster name" command.

Parameters

Parameter

Value

Notes

type

cluster

You must use the value "cluster" to add a new VSX Cluster object.

name <Name of VSX Cluster Object>

Object name

Defines the name of the VSX Cluster object.

You cannot use spaces of Check Point reserved words.

version <Version>

Check Point version

Defines the Check Point version of the VSX Cluster object.

You must enter the exact version as appears in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. (case-sensitive).

main_ip <Main Virtual IPv4 Address>

IPv4 Address

Defines the main IPv4 Virtual Address of the VSX Cluster object.

main_ip6 <Main Virtual IPv6 Address>

IPv6 Address

Defines the main IPv6 Virtual Address of the VSX Cluster object.

cluster_type {vsls | ha | crbm}

Cluster type

Defines the cluster type.

Enter one of these:

sync_if_name <Name of Sync Interface>

Sync interface name

Defines the name of the Cluster Synchronization interface.

sync_netmask <Sync Interface Netmask>

IPv4 Network mask

Defines an IPv4 Netmask for the Cluster Synchronization interface (in a dot-quad format X.X.X.X).

rule_snmp {enable | disable}

  • enable

  • disable

Controls how to process all SNMP packets sent to the VSX Cluster Members:

  • enable - Allows all SNMP packets

  • disable - Drops all SNMP packets (default)

rule_ssh {enable | disable}

  • enable

  • disable

Controls how to process all SSH packets sent to the VSX Cluster Members:

  • enable - Allows all SSH packets

  • disable - Drops all SSH packets (default)

rule_ping {enable | disable}

  • enable

  • disable

Controls how to process all ICMP Echo Request (ping) packets sent to the VSX Cluster Members:

  • enable - Allows all IPv4 ping packets

  • disable - Drops all IPv4 ping packets (default)

rule_ping6 {enable | disable}

  • enable

  • disable

Controls how to process all ICMPv6 Echo Request (ping) packets sent to the VSX Cluster Members:

  • enable - Allows all IPv6 ping packets

  • disable - Drops all IPv6 ping packets (default)

rule_https {enable | disable}

  • enable

  • disable

Controls how to process all HTTPS packets sent to the VSX Cluster Members:

  • enable - Allows all HTTPS packets

  • disable - Drops all HTTPS packets (default)

rule_drop {enable | disable}

  • enable

  • disable

Controls how to process all packets (other than SNMP, SSH, ICMP, ICMPv6, HTTPS) sent to the VSX Cluster Members:

  • enable - Drops all other packets (default)

  • disable - Allows all other packets

Example

vsx_provisioning_tool -s localhost -u admin -p mypassword -o add vsx name VSX1 type cluster cluster_type vsls main_ip 192.168.1.1 version R81 sync_if_name eth3 sync_netmask 255.255.255.0 rule_ssh enable rule_ping enable