Working with Virtual Switches

This section describes how to define and configure a Virtual SwitchClosed Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical switch. Acronym: VSW..

Introduction

Virtual Switches provide level-2 connectivity between Virtual Systems and internal or external networks.

As with physical switches, each Virtual Switch maintains a forwarding table containing entries that describe known networks and directions for reaching them.

You can define Virtual Switches for external and internal communications.

Item

Description

 

Item

Description

1

Internet

 

6

Virtual Systems

2

Router

 

VLAN Interface

3

VSX GatewayClosed Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.

 

VLAN Trunk

4

VLAN Switch

 

Warp LinkClosed Logical interface that is created automatically in a VSX topology between: (1) Virtual System and Virtual Switch (2) Virtual System and Virtual Router. Acronym: WRP.

5

Virtual Switch

 

 

 

The figure shows a typical deployment using a Virtual Switch for external connections and a VLAN trunk leading to the internal, protected network.

Creating a New Virtual Switch

Use the Virtual Switch Wizard to create a new Virtual Switch. You can modify the initial definition and configure advanced options after completing the wizard.

To create a new Virtual Switch:

  1. Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Target Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that manages the new Virtual SystemClosed Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS..

  2. From the left navigation panel, click Gateways & Servers.

  3. Create a new Virtual Switch object in one of these ways:

    • From the top toolbar, click the New () > VSX > New Virtual Switch.

    • In the top left corner, click Objects menu > More object types > Network Object > Gateways and Servers > VSX > New Virtual Switch.

    • In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > VSX > Virtual Switch.

    The Virtual Switch Wizard opens.

  4. In the Name field, enter the name for the new Virtual Switch.

  5. In the VSX Gateway / Cluster field, select the applicable VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Gateway or VSX ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing..

  6. Click Next.

  7. In the Interfaces section, click Add to add the interface, to which the Virtual Switch connects.

  8. Click Next.

  9. Click Finish.

Modifying a Virtual Switch

  1. Connect with SmartConsole to the Security Management Server or Target Domain Management Server that manages the Virtual Switch.

  2. From the Gateways & Servers view or Object Explorer, double-click the Virtual Switch object.

Virtual Switch - General Properties

The General Properties page allows you to add comments and change the icon color as displayed in SmartConsole.

Virtual Switch - Topology

The Topology page defines Virtual Switch interfaces. You can only modify the single defined interface. You cannot change the settings for Warp interfaces in this window.

To add an interface:

  1. Click New.

    The Interface Properties window opens.

  2. Select an interface from the list and define the IP address, net mask and other properties.

  3. Optional: Click Actions > Copy to Clipboard to copy the Interfaces table in CSV format.

Deleting a Virtual Switch

To delete a Virtual Switch:

  1. Connect with SmartConsole to the Security Management Server or Target Domain Management Server that manages the new Virtual Switch.

  2. From the Gateways & Servers view or Object Explorer, double-click the Virtual Switch object.

  3. From the left tree, click Topology.

  4. In the Interfaces section, remove all interfaces.

  5. Click OK.

  6. Right-click the Virtual Switch object and select Delete.

  7. Click Yes in the confirmation box.

  8. Publish the SmartConsole session.