Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vedran_B
Participant

The number of Virtual systems on VSX cluster with the HA license

Hi to everyone.

I am not sure how many Virtual systems (VSs) can be run on a VSX cluster of two VSX gateways deployment in HA or VSLS mode and with CPAP-SG5600-NGTP and CPAP-SG5600-NGTP-HA licenses installed on them. Can two VSs can be run on each VSX gateway at the same time without any additional VS package? 

0 Kudos
12 Replies
Bence_Jakli
Participant

I think, with the standard CPAP-SG5600-NGTP(-HA) licenses you cannot run any VS. You need to buy either VS licenses (CPSB-VS-10 CPSB-VS-10-VSLS) or specific virtual system bundle (eg. CPAP-SG5600-NGTP-HPP-VS5).

0 Kudos
Vedran_B
Participant

Hi Bence,

I am little confused. On Product Catalog web page, inside the Licensing Instrutions, writtes that "Each appliance includes 2 Virtual systems" (picture below). In which situation this statement is a true?

Valeriu_Cioara
Participant

Hi Vedran

VS0 (the VSX gateway itself) always counts as one VS, so in theory (based on the first statement in the Licensing Instructions window) you should be able to create an additional Virtual System instance without using any VSX licenses.

(Not sure how useful this could be, except in the case when you want to deploy an appliance from day one as a VSX gateway, giving you the capability to create additional VS-es at a later date, after buying and installing a VS blade license)

This might have been a valid statement when the new 2016 appliances were released, but I think Check Point removed this functionality, without updating  the content of the Product Catalog.

0 Kudos
Bob_Zimmerman
Advisor

Years late to the party, but the reason two VSs are included in most (maybe all, now?) licenses is to let you separate management routing from through-traffic routing. People see the port labeled "MGMT" on Check Point branded servers, and they expect it to act like the management port on a Cisco router or a PAN. It does not. Other platforms generally have one routing table for management traffic and a separate routing table for all of the other interfaces.

When people deploy Check Point firewalls how they would deploy these other platforms, they wind up with weird asymmetric routing. Including the ability to run one additional VS gives a way to deal with that.

Nicolas_Bernier
Participant

Hi Vedran,

Unless you boy specific VSX licences or VSX appliances, you wont have any possibility.

By default (in general), VSX appliance come with 10 VSs (VS0 / hyperviser count as 1). When you are in cluster, VS licences dont stackup. So if you have 2 members, each with 20 VS licences, you are limited at 20 VSs on the cluster.

Keep in mind virtual switches does not count.

Looking at your case, @Bence is actually right since every appliance is either sell as "standalone" appliance or "VSX" appliance for a little more where both are different SKU.

thanks

0 Kudos
Vedran_B
Participant

Thank you guys, you clarified my dilemma about the number of VSs on VSX cluster.

Regards

0 Kudos
Anthony_Kahwati
Contributor

Hi

Sorry to re-hash an old post. I see bove that there is a comment that V-Switch does not count. Just wanted to confirm this. Also, Is there a command anyone knows of that gives an output of VS used vs VS available to use within the license count? For example "you have used 9 of 10 available VS licenses"

Thanks

JanVC
Contributor

"vsx stat" on your VSX gateway

Anthony_Kahwati
Contributor

Thank you!

0 Kudos
_Val_
Admin
Admin

Virtual Switches and Virtual Routers are not counted

G_W_Albrecht
Champion
Champion

...but never forget: they do cost ressources that are limited by the hardware - e.g. when too many of the Virtual S/Rs fill up the available RAM, some VS will be unable to start.

Anthony_Kahwati
Contributor

Thanks RE VS and VR count. Understood RE resources. We have only had 1 x VS and 0 x VR for the last 5 years and are not changing much but going from 12400's to 23500's so not too bothered about resources thankfully 🙂

0 Kudos