Technical data

Managing VSX Clusters
Check Point VSX Administration Guide NGX R67 | 122
Configuring Virtual Systems for Active/Standby Bridge Mode
To configure a Virtual System to use the Bridge mode, you must define it as a Virtual System in the Bridge
mode when initially creating it. You cannot reconfigure an existing, non-Bridge mode Virtual System to use
the Bridge mode at a later time.
To configure a Virtual System for the Active/Standby Bridge mode:
1. On the Virtual System Wizard - General Properties page, enable the Bridge mode option.
2. On the Network Configuration page, Click Add to open the Add Interface window. Define an internal
and external interface as follows:
a) Select an interface from the list.
b) Enter a unique VLAN tag.
c) Select either an internal or external interface.
d) For internal interfaces, optionally select an IP address or Network that connects to the interface.
3. On the Network Configuration page, optionally, enable Layer-3 bridge interface monitoring. This
feature assists in detecting network faults for failover. The IP address must be unique and be located on
the same subnet as the protected network.
Advanced Clustering Configuration
This section presents several advanced cluster scenarios and procedures for their configuration.
Clusters on the Same Layer-2 Segment
The recommended cluster architecture contains interfaces connect to a Layer-2 segment that is isolated
from other clusters. When configuring a cluster with only two members, you should connect the secured
interfaces of the sync network using a crossover cable.
However, in a deployment where multiple clusters need to connect to the same Layer-2 segment, the same
MAC address may be used by more than one cluster for Cluster Control Protocol (CCP) communication.
This may direct traffic to the incorrect cluster. In this case you will need to modify the source MAC
address(es) of the clusters.
This section describes how source MAC addresses are assigned, and explains how to change them. This
procedure applies to both ClusterXL and OPSEC certified clustering products using the High Availability
mode.