Allan_Hart
Explorer

Checkpoint 15600 appliance and VSX clusters/gateways/domains

I am installing 2 new 15600 appliances and have a question about VSX configuration.

The simplest approach is a single security manager with a single domain and 2x virtual systems.

The more complex approach is multi-domain manager with a single domain and 2x virtual systems. (Purely to get the online backup of the database, rather than rely solely on offline backups)

However, I would like to know if my physical appliances can support multiple domains. It may be easier to use 2x domains with 1 virtual system in each domain. But I have no definitive answer if the 15600 appliances can have a leg in each domain, or they are purely designed for a single domain.

The environment is very fluid, so I need a fluid design.

5 Replies
Kaspars_Zibarts
Employee

You can have one VS per domain if you want.

Didn't quite understand the comment "Purely to get the online backup of the database, rather than rely solely on offline backups" though.

Allan_Hart
Explorer

Want to know if a 15600 appliance is multi-domain or single domain.  Some older appliances are multi-domain. 

A Security Gateway only supports a single domain, as per documentation, with multiple VS.  To get Multi-domain support the Multi-Domain Security Gateway is required.

Another advantage of Multi-Domain is that 2 or more physical servers can be installed and Domains can be Active/standby across the physical servers - shared database.

Maarten_Sjouw
Champion

The machine does not define if it is multi domain or not. For a Multi-Domain management you need a separate machine anyway, it cannot be run on a gateway that works as a VSX gateway.

A VSX gateway can handle as many domains as the license allows you to run VS's on it. So if you have a Multi Domain server and a cluster of 15600 in VSX mode, the only limit is your licenses, the one for the number of VS'es the other for your Multi Domain server. So when you have 2 15600's with each a 25 VS license on them you can run 25 VS'es shared across them or all on one box or when you run them not as a cluster 25 each. Then your Multi Domain server license needs to support 25 or 50 domains if you want to run a VS per domain.

We have all kinds of customer setups where we have customers with a single gateway with 3 VS'es on top (single domain), customers with a cluster with a single VS on top (single domain), a customer with 2 clusters with 15 VS'es each (single domain) and shared environments with a cluster gateways running around 25 different customers (1 domain per customer).

So it all comes down to what YOU want and need.

Regards, Maarten
Allan_Hart
Explorer

Thanks for the answer.

I am installing a multi-domain primary server and a secondary server, plus multi-logging server.  The proposal is a minimum 2 domains - 1 supporting the existing clients and the new domain supporting new clients at 30 physical locations. Original recommendation was 1 VS for each new client but I have simplified this to a separate new client domain and local controls to prevent mixed client traffic.

This is 1 small part of a large change.

I am fully aware the servers are separate to the 15600 appliances and want to make sure I can share the clustered 15600 appliances across 2 domains.

Worst case is I go back to a single domain with 2x VS. With, as yet, undefined growth.

Maarten_Sjouw
Champion

In Multi Domain each VS can be in its own domain, share a domain with as many gateways as your Domain license allows or together with any other VS, does not matter how many or which underlying appliance hardware you have. It is all software based.

Regards, Maarten