This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vedran_B
Participant
‎2018-05-14 12:14 AM

The number of Virtual systems on VSX cluster with the HA license

Hi to everyone.

I am not sure how many Virtual systems (VSs) can be run on a VSX cluster of two VSX gateways deployment in HA or VSLS mode and with CPAP-SG5600-NGTP and CPAP-SG5600-NGTP-HA licenses installed on them. Can two VSs can be run on each VSX gateway at the same time without any additional VS package? 

0 Kudos
12 Replies
Bence_Jakli
Participant
‎2018-05-14 01:43 AM

I think, with the standard CPAP-SG5600-NGTP(-HA) licenses you cannot run any VS. You need to buy either VS licenses (CPSB-VS-10 CPSB-VS-10-VSLS) or specific virtual system bundle (eg. CPAP-SG5600-NGTP-HPP-VS5).

0 Kudos
Vedran_B
Participant
‎2018-05-14 04:27 AM

Hi Bence,

I am little confused. On Product Catalog web page, inside the Licensing Instrutions, writtes that "Each appliance includes 2 Virtual systems" (picture below). In which situation this statement is a true?

Valeriu_Cioara
Participant
‎2018-05-14 07:45 AM
In response to Vedran_B

Hi Vedran

VS0 (the VSX gateway itself) always counts as one VS, so in theory (based on the first statement in the Licensing Instructions window) you should be able to create an additional Virtual System instance without using any VSX licenses.

(Not sure how useful this could be, except in the case when you want to deploy an appliance from day one as a VSX gateway, giving you the capability to create additional VS-es at a later date, after buying and installing a VS blade license)

This might have been a valid statement when the new 2016 appliances were released, but I think Check Point removed this functionality, without updating  the content of the Product Catalog.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2021-01-22 12:50 PM
In response to Valeriu_Cioara

Years late to the party, but the reason two VSs are included in most (maybe all, now?) licenses is to let you separate management routing from through-traffic routing. People see the port labeled "MGMT" on Check Point branded servers, and they expect it to act like the management port on a Cisco router or a PAN. It does not. Other platforms generally have one routing table for management traffic and a separate routing table for all of the other interfaces.

When people deploy Check Point firewalls how they would deploy these other platforms, they wind up with weird asymmetric routing. Including the ability to run one additional VS gives a way to deal with that.

Nicolas_Bernier
Participant
‎2018-05-14 09:07 AM

Hi Vedran,

Unless you boy specific VSX licences or VSX appliances, you wont have any possibility.

By default (in general), VSX appliance come with 10 VSs (VS0 / hyperviser count as 1). When you are in cluster, VS licences dont stackup. So if you have 2 members, each with 20 VS licences, you are limited at 20 VSs on the cluster.

Keep in mind virtual switches does not count.

Looking at your case, @Bence is actually right since every appliance is either sell as "standalone" appliance or "VSX" appliance for a little more where both are different SKU.

thanks

0 Kudos
Vedran_B
Participant
‎2018-05-14 11:53 PM

Thank you guys, you clarified my dilemma about the number of VSs on VSX cluster.

Regards

0 Kudos
Anthony_Kahwati
Collaborator
‎2021-01-21 09:09 AM
In response to Vedran_B

Hi

Sorry to re-hash an old post. I see bove that there is a comment that V-Switch does not count. Just wanted to confirm this. Also, Is there a command anyone knows of that gives an output of VS used vs VS available to use within the license count? For example "you have used 9 of 10 available VS licenses"

Thanks

JanVC
Collaborator
‎2021-01-21 10:54 AM
In response to Anthony_Kahwati

"vsx stat" on your VSX gateway

Anthony_Kahwati
Collaborator
‎2021-01-21 11:41 AM
In response to JanVC

Thank you!

0 Kudos
_Val_
Admin
Admin
‎2021-01-22 01:09 AM
In response to Anthony_Kahwati

Virtual Switches and Virtual Routers are not counted

G_W_Albrecht
Legend Legend
Legend
‎2021-01-22 01:16 AM
In response to _Val_

...but never forget: they do cost ressources that are limited by the hardware - e.g. when too many of the Virtual S/Rs fill up the available RAM, some VS will be unable to start.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Anthony_Kahwati
Collaborator
‎2021-01-22 09:28 AM
In response to G_W_Albrecht

Thanks RE VS and VR count. Understood RE resources. We have only had 1 x VS and 0 x VR for the last 5 years and are not changing much but going from 12400's to 23500's so not too bothered about resources thankfully 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events