Manualshelf

Technical data

ManualsBrandsCheck Point Software Technologies ManualsNetworkingVSX-1 3070
21222324252627282930
VSX Architecture and Concepts
Check Point VSX Administration Guide NGX R67 | 21
A Physical Interface connects the Virtual Switch to an external router leading to the Internet.
VLAN Interfaces connect the Virtual Systems to the VLAN Switch, via A VLAN trunk.
The VLAN switch connects to the protected networks.
Physical Interfaces
Physical interfaces connect a VSX gateway to internal and external networks, as well as to the management
server. There are three types of physical interfaces (four types for a VSX Cluster) used in a VSX gateway:
Dedicated Management Interface: Connects the VSX gateway to the management server when it is
locally managed. If the VSX gateway is remotely managed, then the management connection arrives via
the external or internal interface.
External interface: Connects the VSX gateway to the Internet or other untrusted networks.
Internal Interface: Connects the VSX gateway to a protected network.
Synchronization Interface: Connects one VSX gateway member to other members for state
synchronization in a VSX clustering deployment.
Additional physical interfaces can be installed and attached to any virtual device as required. A VSX
gateway can theoretically contain as many physical interfaces as permitted by gateway hardware and
memory constraints.
VLAN Interfaces
Virtual Systems typically connect to protected VLAN networks using IEEE 802.1q compliant VLAN
Interfaces. The networks are connected to ports on an 802.1q-compliant switch that trunks all traffic via a
single physical interface to the VSX gateway.
VSX uses VLAN tags to direct the Ethernet frames to the specific Virtual System handling each network.
VSX assigns a virtual VLAN interface to each VLAN tag on a specific physical interface. For Example: VLAN
tag 100 on eth3 will be assigned a virtual interface named eth3.100.
Warp Links
A Warp Link is a virtual point-to-point connection between a Virtual System and a Virtual Router or Virtual
Switch. Each side of a Warp Link represents is a virtual interface with the appropriate virtual device.
NGX R67 VSX automatically assigns a name to each virtual interface when administrators create the link.
Warp Interfaces on the Virtual System side are assigned the prefix wrp and those on the Virtual
Router/Switch side are assigned the prefix wrpj. In both cases, VSX appends a unique number to the prefix
to form the interface name.
When connected to a Virtual Switch, VSX also assigns a unique MAC address to each Warp Link.