Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sergio_Lima1
Participant

Best way to deploy VSX - dedicated interface or lead by vritual-switch

Good day all - trust you're doing well today!

Sorry for dummy question but, I'm planning to deploy a new VSX firewall in DC (in cluster mode, a pair of SG-2200) and, I stopped in a doubt about which is best to manage/configure interfaces on firewall: using dedicated interfaces with VLANS or using interfaces lead by virtual switch? which is best

5 Replies
Kaspars_Zibarts
Employee Employee
Employee

SG2200 will be way too small to run VSX buddy Smiley Happy only 2 cores and not much memory. Stay away Smiley Happy

Sergio_Lima1
Participant

Hi Kaspars; thanks for heads-up; we will deploy for a no large requirements for our customer.

My main concern is about which model of topology we can use/determine to maximize performance and reduce overrun/overload both VSX capacity. Not sure if I configure virtual-systems as a regular interface or uses interfaces based on virtual switch (leads by switch). Your advice will be welcome and helps very much.

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Hmm, I'm still not 100% if you can even run VSX on those - have you done that already just the basic install?

Switch or not is a personal preference. I have seen both scenarios, even with virtual router. Really depends on your network topology and requirements. Think that virtual switch is another VS that you need to spin up that will chew your already tiny resources...

Sergio_Lima1
Participant

Well, I discussed here with network guru guys and their suggestion was to using regular interface instead. I review all interconnections needed and see that we will gain some control and reduce overrun on SG processor and memory usage. Our topology, I tried to keep simple and clean, but some application services need to specific control and network separation (layer 2 VLAN) and access controlled directly by firewall rules.

Anyway, many thanks for your input; appreciate.

Michael_Lawrenc
Contributor

The typical deployment, as I understand it, is to vswitch the internal interfaces and then trunk them to the internal core and leave the external interfaces as straight up LAN/VLAN.  Are you talking about virtual switches inside, outside or both?  A lot depends on your environment. 

Bear in mind VSX is intended to provision multiple gateways leading to multiple internal networks.  i.e. - to firewall each network with its own gateway/cluster.  It's a "rack in a box" solution. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events