Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Krishnan
Contributor
Jump to solution

Virtual Router - PA Equivalent

Hi,

Currently we have a PA Firewall (800 series) on which he has created two virtual routers and one is used for voice traffic which has a different gateway and the other one has data which has a different networks and different ISP. How can it be achieved in Checkpoint Firewall ? I know we can use PBR for voice traffic however what is the exact equivalent for the same? This is very similar to vrf concepts. Can it be achieved in say 3200 Checkpoint Firewall ?

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

VSX provides virtualization of a security gateway and allows creation of Virtual Firewall Systems & Virtual Routers.

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
9 Replies
Chris_Atkinson
Employee Employee
Employee

VSX provides virtualization of a security gateway and allows creation of Virtual Firewall Systems & Virtual Routers.

CCSM R77/R80/ELITE
0 Kudos
Krishnan
Contributor
Hello,
How can we do without creating virtualization ?
1. If we are creating virtualization, do we need any license for that ?
2. Don't we have any equivalent to have different vrfs.
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Two VS are included by default.

Paid license increments are 3,10,25,50

e.g. 

CPSB-VS-3 (primary gateway)

CPSB-VS-3-VSLS (standby gateway)

 

CCSM R77/R80/ELITE
0 Kudos
Krishnan
Contributor
But is there any equivalent for vrf with single instance instead of creating two ? Because in the existing they have a single instance of firewall with two virtual routers (PA). So will prefer the same.
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Aside from MDPS the only other choice that may be relevant is multi-instance OSPF depending on your actual requirements.

CCSM R77/R80/ELITE
Krishnan
Contributor
Thanks Chris
0 Kudos
ikafka
Collaborator

Hi Krishnan

Can you share how you resolved this situation? I need to find the best solution in the same situation right now.

Thanks. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Note with VSX, Virtual Routers don't consume a VS license.

CCSM R77/R80/ELITE
0 Kudos
Bob_Zimmerman
Authority
Authority

Did this change recently? Router contexts definitely did consume license slots in the past. I don't use router contexts, so I don't notice changes to how they work. The only VS type which I know has never consumed a slot is a switch.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events