I'm investigating the possibilities for our company to migrate to Check Point and use the VSX solution, but I'm having some difficulties understanding the best solution to use regarding virtual switches or routers.
I've attached a PDF of a possible solution where we migrate all our dedicated customer firewalls to one virtual system per customer running on a dedicated firewall cluster.
All of our customers are placed within their own VLANs and have traffic flowing in both directions (customer to internet and internet to customer; no traffic is needed between customers). I think I'm forced to use a vRouter on the LAN side because I need to do something with source-based routing to direct it towards the corresponding virtual system, or are there possibilities using a vSwitch here?
For the WAN side I think I can use both solutions: a vSwitch, where we use our edge router to send traffic to the corresponding virtual system, or a vRouter, where traffic is directed by the vRouter towards the corresponding virtual system.
What are the pros and cons of using vSwitches or vRouters, and does anyone have suggestions on which solution is feasible?