This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mark_Ewest
Participant
‎2022-10-19 08:44 AM
Jump to solution

VSX provisioning tool - VS topology - Security Zone support?

Hello Fine Community!

Quick question regarding VSX provisioning tool.  I've used this tool over the years to build/manage interfaces on Virtual Systems - but more recently have been utilizing Security Zones on interfaces.  Is anyone aware of support for tagging an interface with a Security Zone via VSX provisioning tool?   I've searched some documentation, but haven't found much (perhaps I'm just missing it, or perhaps this is not available [yet?]).  Any insights appreciated.  Below is a basic example of a command I use; but ideally could also tag the eth0.123 interface with "InternalZone" on the same line.  Apologies if I've missed a similar post on this topic!

add interface name eth0.123 ip x.x.x.x/24 topology internal_this_network

0 Kudos
2 Solutions

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2022-10-19 11:12 PM
Jump to solution

In future versions there will be a shift towards APIs for VSX.

With that said the last I saw regarding the VSX provisioning tool pertained to "defined by routed" behavior... i.e.

PRJ-32534,
PMTR-74770

VSX

UPDATE: It is now possible to define interface topology as "defined by routes" using the VSX provisioning tool.

 

Will check the status regarding Zones and revert.

CCSM R77/R80/ELITE

View solution in original post

_Val_
Admin
Admin
‎2022-10-21 01:11 AM
In response to Mark_Ewest
Jump to solution

Just to make sure, we are now working on VSX Pro - a completely new architecture for virtualized security, and it will have native APIs for management. You will not need the provisioning tool with it anymore, AFAIK.

That said, it will not be available before some time the next year.

View solution in original post

9 Replies
genisis__
Mentor Mentor
Mentor
‎2022-10-19 01:01 PM
Jump to solution

Not see anything myself,  I would also like to know if there is a way to enable anti-spoofing in detect and log mode per interface.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-10-19 11:12 PM
Jump to solution

In future versions there will be a shift towards APIs for VSX.

With that said the last I saw regarding the VSX provisioning tool pertained to "defined by routed" behavior... i.e.

PRJ-32534,
PMTR-74770

VSX

UPDATE: It is now possible to define interface topology as "defined by routes" using the VSX provisioning tool.

 

Will check the status regarding Zones and revert.

CCSM R77/R80/ELITE
Mark_Ewest
Participant
‎2022-10-20 06:45 AM
In response to Chris_Atkinson
Jump to solution

Got it, yea a shift towards APIs makes sense and I was kind of wondering how much more new functionality will be added to the VSX provisioning tool if that was the case.  But didn't know if APIs would leverage the provisioning tool on the backend or be independent.  I have more questions than answers 🙂  Thanks for your input.

0 Kudos
_Val_
Admin
Admin
‎2022-10-21 01:11 AM
In response to Mark_Ewest
Jump to solution

Just to make sure, we are now working on VSX Pro - a completely new architecture for virtualized security, and it will have native APIs for management. You will not need the provisioning tool with it anymore, AFAIK.

That said, it will not be available before some time the next year.

genisis__
Mentor Mentor
Mentor
‎2022-10-21 12:46 PM
In response to _Val_
Jump to solution

Would be really good to get more info on VSX Pro!

0 Kudos
_Val_
Admin
Admin
‎2022-10-24 01:42 AM
In response to genisis__
Jump to solution

I promise we will talk about that as soon as we can 🙂 But before, please let R&D do their magic.

0 Kudos
Mark_Ewest
Participant
‎2022-10-28 06:29 AM
In response to _Val_
Jump to solution

Just wanted to say thanks to @_Val_  and @Chris_Atkinson  for the comments!  Will certainly look forward to hearing more about VSX Pro and native Mgmt APIs.

amoruck
Participant
‎2023-11-17 03:37 AM
In response to _Val_
Jump to solution

Hello,

Any news regarding this feature/project? is there any other way to configure security zone/anti-spoofing  for VSX virtual system interfaces?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-11-17 05:12 AM
In response to amoruck
Jump to solution

Further changes are expected with the release of R82.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top