Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mph
Explorer

Installing VSX on on VMware ESXi

For lab testing, is it possible to set up VSX on a VMWARE ESXi server?        I'd like to test some things out without having to build up lots of servers. 

I was able to install it, but when it goes to run it does not complete loading.. and crashes...

0 Kudos
14 Replies
Maarten_Sjouw
Champion
Champion

You just install a standard gateway and run the FTW, and also here only install a gateway do not use all in one. Next thing is to install latest jumbo.
Once running you just type in clish: set vsx on
Add the gateway to a management server as a VSX gateway and you are set to go.
Regards, Maarten
PhoneBoy
Admin
Admin

Just to be clear, outside of a specific use case with Cisco ACI, VSX isn't officially supported in VMware.
That said, it should work in VMware for lab purposes.
0 Kudos
mph
Explorer

It seems to crash for me. :-()

 

0 Kudos
Vladimir
Champion
Champion

I've build the complex VSX environments running R77.30 on ESXi's in the past.

There were never any stability issues.

I'd recommend performing an ISO installations and not using prepackaged OVFs for it.

If you are building R80.20, depending on the version of Linux you are chosing, you may have to specify alternate Storage controller option.

Additionally, do not forget about setting promiscuous mode, forged transmits and MAC address changes in the portgroup connected to the VSX .

0 Kudos
Jeffrey_Fogel
Employee Alumnus
Employee Alumnus

I ran into this on a freshly installed 6.7 ESXi instance and R80.10 (non-VSX) gateways.

Forged transmits was disabled by default, and I couldn't get the cluster to come up and see each other until I enabled it on all vSwitches.

 

 

0 Kudos
AK2
Collaborator

Hi, can you clarify if this is still the case? Because I asked for "official" clarification from TAC and got an unexpected answer. 

0 Kudos
PhoneBoy
Admin
Admin

What precisely were you told?

0 Kudos
AK2
Collaborator

I asked a very clear question - was VSX on R80.20 on VMware supported for production use, and I was told very clearly that it was supported. I have requested clarification because I did not expect this answer, I expected the opposite. This is not an idle question, I have a very compelling use case for a customer, so I need to have an official support statement yes/no. 

To avoid ambiguity here is the reply from TAC:

VSX is supported on VMware ESXi for R80.20 Gaia. For more information, you can refer to the R80.20 release notes

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

I've been running VXS in ESX since R67.. till R80.30. Emulating our production boxes in the lab. Never had any problems building them or pushing policies. The only problem we encountered was when production box had bond interface - that part did not work in real tests to push traffic through. You cheat with interface names and I didn't have enough time to play long enough with it. But o believe it would work with no issues if you are not configuring bonds on gateway VM. There's a really good SK article how to set correct parameters on ESX. I know it's for Mgmt but I'm sure you can logically apply it to a GW. Just search SKs 🙂

0 Kudos
Paul_Hagyard
Advisor

sk175624: "On VMWare ESXi, it is supported to run Check Point CloudGuard gateways and clusters in VSX mode."

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Regardless, outside of a lab or ACI I'm not sure I see the benefit of doing so.

There's a certain amount of overhead & consolidation / failure domains that are best avoided for a production setting imo.

CCSM R77/R80/ELITE
0 Kudos
Paul_Hagyard
Advisor

Depending on the environment, price/performance and the benefits of a hypervisor (abstraction from the hardware removes driver issues, ability to snaphot for upgrades or backups).

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Appreciate the general Vmware benefits, but why is this relevant to VSX specifically & preferred versus other VE/IaaS gateway types.

Interested to hear your thoughts.

CCSM R77/R80/ELITE
0 Kudos
Paul_Hagyard
Advisor

It's not specific, but one of the benefits of VSX is a single GAiA install for multiple gateways. CG IaaS on VMware ESXi is attractive overall, VSX via CG IaaS on VMware has the same advantages. With changes coming to VSX with provisioning via the gateways and extensions to GAiA APIs VSX may offer less advantages over time - although there's still some economy of scale.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events