Interfaces

This section describes the various types of interfaces and how they are used in a VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. configuration.

Interface Types

The principal interface types are:

Physical Interface
VLAN interface
Warp Link Logical interface that is created automatically in a VSX topology between: (1) Virtual System and Virtual Switch (2) Virtual System and Virtual Router. Acronym: WRP. (including unnumbered interfaces)

Item	Description	Item	Description
1	Internet	8	Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server.
2	Router	9	Virtual Switch Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical switch. Acronym: VSW.
3	Physical interface	10	Warp interface
4	VLAN Switch	11	Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. 1
5	Network 1	12	Virtual System 2
6	Network 2	13	VLAN Interface
7	VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.	14	VLAN Trunk

Notes:

Warp Links connect the Virtual Switch to each Virtual System.
A Physical Interface connects the Virtual Switch to an external router leading to the Internet.
VLAN Interfaces connect the Virtual Systems to the VLAN Switch, via A VLAN trunk.
The VLAN switch connects to the protected networks.

Physical Interfaces

Physical interfaces connect a VSX Gateway to Management Server and to internal and external networks.

There are different types of physical interfaces used in a VSX Gateway:

Dedicated Management Interface: Connects the VSX Gateway to the Management Server when it is locally managed.

If the VSX Gateway is remotely managed, the management connection arrives through the external or internal interface.
External interface: Connects the VSX Gateway to the Internet or other untrusted networks.
Internal Interface: Connects the VSX Gateway to a protected network.
Synchronization Interface: Connects one VSX Cluster Member Security Gateway that is part of a cluster. to other VSX Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members for state synchronization.

You can install and configure more physical interfaces to a Virtual Device Logical object that emulates the functionality of a type of physical network object. Virtual Device can be on of these: Virtual Router, Virtual System, or Virtual Switch. as required.

A VSX Gateway can theoretically contain as many physical interfaces as permitted by VSX Gateway hardware and memory constraints.

VLAN Interfaces

Virtual Systems typically connect to protected VLAN networks using IEEE 802.1q compliant VLAN Interfaces.

The networks are connected to ports on an 802.1q-compliant switch that trunks all traffic via a single physical interface to the VSX Gateway.

VSX uses VLAN tags to direct the Ethernet frames to the specific Virtual System handling each network.

VSX assigns a virtual VLAN interface to each VLAN tag on a specific physical interface.

For example: VLAN tag 100 on eth3 will be assigned a virtual interface named eth3.100.

Warp Links

A Warp Link is a virtual point-to-point connection between a Virtual System and a Virtual Router Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical router. Acronym: VR. or Virtual Switch.

Each side of a Warp Link represents a virtual interface with the appropriate Virtual Device.

VSX automatically assigns a name to each virtual interface when administrators create the link.

Warp Interfaces on the Virtual System side are assigned the prefix wrp and those on the Virtual Router / Virtual Switch side are assigned the prefix wrpj.

In both cases, VSX appends a unique number to the prefix to form the interface name.

When connected to a Virtual Switch, VSX also assigns a unique MAC address to each Warp Link.

Unnumbered Interfaces

VSX lets you reduce the number of IP addresses required for a VSX network deployment when using one or more Virtual Routers.

A Warp Link connected to a Virtual Router can "borrow" an existing IP address from another interface, instead of assigning a dedicated address to the interface leading to a Virtual Router.

This capability is known as an Unnumbered Interface.

Item	Description
1	VSX Gateway
2	The external interface serves as the next hop from the Virtual Router
3	External
4	Virtual Router
5	Unnumbered External Interfaces IP "borrowed" from internal interfaces
6	Internal Interfaces with predefined IP addresses
7	Internal

In this example, the external interfaces for each Virtual System are unnumbered and borrow the IP address of the internal interfaces.

Unnumbered interfaces act as the next hop from the Virtual Router.

Unnumbered Interface Limitations

The following limitations apply to Unnumbered Interfaces:

Unnumbered interfaces must connect to a Virtual Router.
You can only "borrow" an individual interface IP address once.
In order to use VPN or Hide NAT, the borrowed address must be routable.