This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Markus_Hauke
Explorer
‎2025-06-03 04:16 AM

Using R82 BGP API in classic VSX environment

Hello community,

I noticed in the R82 GAIA API the massive improvements regarding dynamic routing configuration. There are nice API endpoints to configure BGP for example. But I have some trouble to use these endpoints in my use case: I have a classic VSX environment (no VSnext) on top of my Maestro plattform. When reading the API documentation I cannot find any way to submit the virtual system ID in the request so that I can apply the BGP configuration to a distinct VS. Is there a "hidden" possibiliity to use these BGP endpoints in GAIA API with classic VSX or is it for simple gateways or VSnext only?

And why can I not simply upgrade to VSnext? My concerns are: I have VSX to completely separate data and management network. Is is easy in VSX as a Virtual System simply has no interface in the management networks because it is managed via VS0. In VSnext every VS has its own management interface but like in the good old simple gateway it uses a shared routing table with all data interfaces. This makes trouble in a highly segmented network environment. Would MDPS (Management Data Plane Separation) be an option for this or is MDPS not supported / recommended in VSnext?

Thanks in advance and best regards,

Markus

0 Kudos
5 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-06-03 05:32 AM

API parity/support is a feature (benefit) of VSNext compared with classic VSX.

A migration tool is planned for upgrades involving a move to ElasticXL in future.

 

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2025-06-03 10:58 AM

Legacy VSX has a design that is not consistent with how modern REST APIs operate.
That includes various elements of how virtual systems are constructed and deployed.

In R82 with VSnext, VSes are provisioned in Gaia.
Each VS has its own configuration similar to a standalone gateway.
This includes the ability to configure these settings via WebUI/clish/API. 

With VSes being nothing more than a standard gateway object in VSnext, it also makes it a lot simpler to convert between a VSnext VS and a physical gateway.

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-06-03 02:56 PM

No word yet on how MDPS might interact with VSNext. I've asked my diamond rep to look into it, but I suspect the answer will be it's not supported, which means VSNext won't work in my environment.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-06-15 03:53 PM
In response to Bob_Zimmerman

I will also query this internally, while this doesn't solve the MDPS like need it will be helpful for some...

R82 JHF T25 - PRJ-60148, PMTR-113933: VSNext

UPDATE: Rather than using the management switch, it is now possible to choose a different management interface for each virtual system (VS).

CCSM R77/R80/ELITE
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-06-15 04:06 PM
In response to Bob_Zimmerman

MDPS with VSNext is currently unsupported per limitations in sk138672.

Have requested sk79700 also be amended accordingly to reflect the same.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events