Script Examples

Note - Line numbers in the left column are written only to make it easier to read the script examples.

Example 1

Create a Virtual SystemClosed Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. connected to a Virtual RouterClosed Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical router. Acronym: VR..

Add a default route on the Virtual System that routes the traffic to the Virtual Router.

Add applicable routes on the Virtual Router to route the traffic to the Virtual System.

Line

Command

1

transaction begin

2

add vd name VR1 vsx VSX1 type vr

3

add interface name eth3.100 ip 10.0.0.1/24

4

transaction end

 

 

5

transaction begin

6

add vd name VR2 vsx VSX2 type vr

7

add interface name eth3.200 ip 20.0.0.1/24

8

transaction end

 

 

9

transaction begin

10

add vd name VS1 vsx VSX1

11

add interface leads_to VR1 ip 192.168.1.1/32

12

add interface name eth4.20 ip 192.168.20.1/24 propagate true

13

add route destination default leads_to VR1

14

add route destination 192.168.40.0/25 next_hop 192.168.20.254

15

transaction end

Example 2

Create a Virtual System connected to a Virtual SwitchClosed Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical switch. Acronym: VSW., with manual topology.

Line

Command

1

transaction begin

2

add vd name VSW1 vsx VSX1 type vsw vs_mtu 1400

3

add interface name eth3.100

4

transaction end

 

 

5

transaction begin

6

add vd name VS1 vsx VSX1 calc_topo_auto false

7

add interface leads_to VSW1 ip 10.0.0.1/24 ip6 2001::1/64 topology external

8

add interface name eth4.20 ip 192.168.20.1/25 ip6 2020::1/64 topology internal_this_network

9

add route destination default next_hop 10.0.0.254

10

add route destination default6 next_hop 2001::254

11

transaction end

Example 3

Add CoreXLClosed Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances to the Virtual System made in the last example.

Turn on automatic calculation of topology.

Change the name of the internal interface, and decrease its MTU.

Line

Command

1

transaction begin

2

set vd name VS1 instances 4 instances6 2 calc_topo_auto true

3

set interface name eth4.20 new_name eth4.21 mtu 1400

4

transaction end