Solved: Re: regarding for VSXs

Vishal8002

Hi Everyone,

Good Afternoon,

Please help me regarding. i want to create a 6 VSX in checkpoint. i read most if thing but i cant understand how to create and is that compulsory if i create multiple VSX the we must create a Vertual router or verttual switch.
what command run on gateway for enable the VSX service.
and what must my management ip and what must my external Ip and internal IP.

and i also using a one ISP so how to connectivity and configuration done at the point when i create a VSXs.

Thanks, and Regards

Vishal Kumar

Martijn

Vishal,

When creating a VSX setup, you have two options.

Legacy VSX (R82 and below)
VSXNext (R82)

You have to investigate which option suits your requirements.

Best is to read all VSX documentation available on the Check Point website.

Martijn

View solution in original post

Vincent_Bacher

In your case, I would recommend attending the CCVS training, as it is really valuable for VSX beginners.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

View solution in original post

Chris_Atkinson

This YouTube playlist may help you:

https://youtube.com/playlist?list=PL4Jm1LJEII4ZiVFkjtB1zMyOzn0LUVP21&si=00kTs2AWaENP5slo

CCSM R77/R80/ELITE

View solution in original post

Bob_Zimmerman

With VSX, a given VLAN on a given physical interface can only go to one VS. That is, you can't have six VSs all sharing one physical interface to a core transit VLAN. This is where you need a virtual switch. If your six VSs will all use different physical interfaces, or different VLANs on the same physical interfaces, you don't need a switch.

One thing the VSX documentation and introductions don't really cover: use bonds for all of your interfaces. Don't let VSX be aware of any physical interface which isn't in a bond. Stick the physical interface in a bond, then tell VSX to use the bond instead. This helps a LOT when you eventually want to replace the hardware. Bonds can have a single member, and non-LACP bonds with only one member don't need any special support on the switch side.

View solution in original post

the_rock

To add to all guys have said.

https://www.youtube.com/watch?v=TDEvZ0zVLAY

https://community.checkpoint.com/t5/CheckFlix/ct-p/checkflix (just search for vsx)

Best,
Andy

View solution in original post

Martijn

Vishal,

When creating a VSX setup, you have two options.

Legacy VSX (R82 and below)
VSXNext (R82)

You have to investigate which option suits your requirements.

Best is to read all VSX documentation available on the Check Point website.

Martijn

Vincent_Bacher

In your case, I would recommend attending the CCVS training, as it is really valuable for VSX beginners.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Chris_Atkinson

This YouTube playlist may help you:

https://youtube.com/playlist?list=PL4Jm1LJEII4ZiVFkjtB1zMyOzn0LUVP21&si=00kTs2AWaENP5slo

CCSM R77/R80/ELITE

Bob_Zimmerman

With VSX, a given VLAN on a given physical interface can only go to one VS. That is, you can't have six VSs all sharing one physical interface to a core transit VLAN. This is where you need a virtual switch. If your six VSs will all use different physical interfaces, or different VLANs on the same physical interfaces, you don't need a switch.

One thing the VSX documentation and introductions don't really cover: use bonds for all of your interfaces. Don't let VSX be aware of any physical interface which isn't in a bond. Stick the physical interface in a bond, then tell VSX to use the bond instead. This helps a LOT when you eventually want to replace the hardware. Bonds can have a single member, and non-LACP bonds with only one member don't need any special support on the switch side.

the_rock

To add to all guys have said.

https://www.youtube.com/watch?v=TDEvZ0zVLAY

https://community.checkpoint.com/t5/CheckFlix/ct-p/checkflix (just search for vsx)

Best,
Andy

Are you a member of CheckMates?

regarding for VSXs