Sanjay_S
Nickel

Communication between VSX environments

Hi All,

We have a VSX environment where there are 2 environments. One is management (from where we log in to the firewalls: vsenv 0) and the other is production (no management and login with the help of management VSX: vsenv 1).

Now we need to route traffic from vsenv 0 to vsenv 1; as there is no interface, we are not able to route the traffic.

May I know if there is any way we can get this working, as the LDAP authentication is not working and the traffic is generated by the source in vsenv 0 and the destination is behind vsenv 1.

Any quick help is much appreciated.

 

0 Kudos
11 Replies

Re: Communication between VSX environments

The only way I can think of that this could work is when you use a separate interface on VS0 in the same network as your VS1 connection to the AD.
You cannot use a vSwitch as you cannot use that on VS0.
Regards, Maarten
0 Kudos
Jerry
Gold

Re: Communication between VSX environments

Reply is NO, there is no quick solution for it unfortunately, you need to get through this first I guess:

https://community.checkpoint.com/t5/General-Topics/MDSM-with-VSX-Configuration-Guide-and-Architectur...
Jerry
0 Kudos
Wolfgang
Silver

Re: Communication between VSX environments

You can create a new vswitch and create new interfaces in vs0 and vs1 connected to this vswitch. 

Add the relevant routes to both vs0 and vs1 and rules for allowing the needed traffic.

0 Kudos

Re: Communication between VSX environments

I stand corrected, on VS0 you can use a vSwitch, so yes this would be the simplest way to do this.
Regards, Maarten
0 Kudos
Sanjay_S
Nickel

Re: Communication between VSX environments

Hi Maarten,

Will creating a vSwitch have any impact on the current production? If not, could you please share any SK or any link that would help me in gaining the knowledge on how to create a vSwitch.
0 Kudos

Re: Communication between VSX environments

See: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_VSX_AdminGuide/html_frameset...

Yes there will be an interruption, you will need to:
remove the interface from VS1
create the switch
add an interface to the switch on VS1 with the IP that you previously removed
add a new interface to the switch on VS0 with a new IP in the same network.
Regards, Maarten
0 Kudos

Re: Communication between VSX environments

There is an easier solution for your issue!

You can change how a virtual-system is trying to reach the LDAP server:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

 

0 Kudos
Sanjay_S
Nickel

Re: Communication between VSX environments

Hi Norbert,
This seems to be a good one. But there is one more problem: we are actually enabling the Mobile Access blade in the environment. We have MDS, and the CMA IP of the VSX Production (vsenv 1) is trying to access the Radius, which in turn reaches vsenv 0, and from there we again need to route the traffic to vsenv 1 for at least this access.
0 Kudos

Re: Communication between VSX environments

Also Radius is possible as "private": https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

So this is not only relevant for LDAP :)

0 Kudos
Sanjay_S
Nickel

Re: Communication between VSX environments

That's really a great one.
I will go through this and try to apply it. Will update you on the outcome.
Just one more question: this will not affect any production environment, right?
0 Kudos

Re: Communication between VSX environments

It will affect only this one VS, and there only authentication traffic like LDAP/Radius and so on.
0 Kudos