Check Point VSX Administration Guide NGX R67 | 15
Chapter 2
VSX Architecture and Concepts
In This Chapter
Overview
The VSX Gateway
Virtual Devices
VSX Management Overview
VSX Traffic Flow
VSX Routing Concepts
VSX Clusters
Overview
This chapter presents an overview of core VSX concepts and describes the architecture and building blocks
that comprise a VSX virtual environment. This information is essential in order to plan, provision, configure,
and operate a VSX virtual network deployment. VSX includes a robust set of virtual components that
emulate the functionality of physical network devices. By using these virtual components, you can create
network topologies that are functionally equivalent to physical networks.
The term "Virtual Devices" refers to Virtual Systems, Virtual Switches, and Virtual Routers.
This chapter also introduces the two principal management models with which you manage the VSX
environment. Finally, this chapter describes several routing and traffic management features that are
applicable to VSX environments.
The VSX Gateway
A VSX gateway is a physical machine that hosts virtual "networks" consisting of virtual devices that
provide the functionality of their physical network counterparts, such as Security Gateways, routers, and
switches.
A VSX gateway performs the following tasks:
• Communicates with the management server to handle provisioning and configuration for all virtual
devices.
• Manages state synchronization for high availability and for load sharing in cluster deployments.
Management Server Connections
A management server (Security Gateway or Multi-Domain Security Management Multi-Domain Server)
connects to the VSX gateway and provides provisioning and configuration services for virtual devices
located on the VSX gateway. You can connect the management server to the VSX gateway using one of the
following scenarios.
• Local Connection: The management server connects directly to the VSX gateway via a dedicated
management interface.
• Remote Connection: The management server connects remotely from an external or internal network
by means of a router connected to a management interface. This method ensures segregation of
management traffic from all other traffic.