Technical data
Introduction to VSX
Check Point VSX Administration Guide NGX R67 | 11
How VSX Works
Each "virtual" Security Gateway (known as a Virtual System in VSX terminology) functions as an
independent firewall, protecting a specific network. Once packets arrive at the VSX gateway, it directs traffic
to the Virtual System protecting the destination network. The Virtual System inspects all traffic and passes
or rejects it according to rules contained in its Rule Base.
In order to better understand how virtual networks work, it is important to compare physical network
environments with their virtual (VSX) counterparts. While physical networks consist of many hardware
components, VSX virtual networks reside on a single configurable VSX gateway or cluster that defines and
protects multiple independent networks, together with their virtual components.
Physical Network Topology
The figure below shows a typical deployment with four physical Security Gateways, each protecting a
separate network. Each Security Gateway is a separate, physical machine that is hard-wired to the
perimeter router and its corresponding network.
Figure 1-1 Separate physical gateways protecting each network