It seems to crash for me. :-()

I've build the complex VSX environments running R77.30 on ESXi's in the past.

There were never any stability issues.

I'd recommend performing an ISO installations and not using prepackaged OVFs for it.

If you are building R80.20, depending on the version of Linux you are chosing, you may have to specify alternate Storage controller option.

Additionally, do not forget about setting promiscuous mode, forged transmits and MAC address changes in the portgroup connected to the VSX .

I ran into this on a freshly installed 6.7 ESXi instance and R80.10 (non-VSX) gateways.

Forged transmits was disabled by default, and I couldn't get the cluster to come up and see each other until I enabled it on all vSwitches.

Hi, can you clarify if this is still the case? Because I asked for "official" clarification from TAC and got an unexpected answer. 

What precisely were you told?

I asked a very clear question - was VSX on R80.20 on VMware supported for production use, and I was told very clearly that it was supported. I have requested clarification because I did not expect this answer, I expected the opposite. This is not an idle question, I have a very compelling use case for a customer, so I need to have an official support statement yes/no. 

To avoid ambiguity here is the reply from TAC:

VSX is supported on VMware ESXi for R80.20 Gaia. For more information, you can refer to the R80.20 release notes

I've been running VXS in ESX since R67.. till R80.30. Emulating our production boxes in the lab. Never had any problems building them or pushing policies. The only problem we encountered was when production box had bond interface - that part did not work in real tests to push traffic through. You cheat with interface names and I didn't have enough time to play long enough with it. But o believe it would work with no issues if you are not configuring bonds on gateway VM. There's a really good SK article how to set correct parameters on ESX. I know it's for Mgmt but I'm sure you can logically apply it to a GW. Just search SKs 🙂

sk175624: "On VMWare ESXi, it is supported to run Check Point CloudGuard gateways and clusters in VSX mode."

Regardless, outside of a lab or ACI I'm not sure I see the benefit of doing so.

There's a certain amount of overhead & consolidation / failure domains that are best avoided for a production setting imo.

Depending on the environment, price/performance and the benefits of a hypervisor (abstraction from the hardware removes driver issues, ability to snaphot for upgrades or backups).

Appreciate the general Vmware benefits, but why is this relevant to VSX specifically & preferred versus other VE/IaaS gateway types.

Interested to hear your thoughts.

It's not specific, but one of the benefits of VSX is a single GAiA install for multiple gateways. CG IaaS on VMware ESXi is attractive overall, VSX via CG IaaS on VMware has the same advantages. With changes coming to VSX with provisioning via the gateways and extensions to GAiA APIs VSX may offer less advantages over time - although there's still some economy of scale.