Technical data

Deploying VSX
Check Point VSX Administration Guide NGX R67 | 167
VSX Virtual System Deployment Strategies
In a VSX environment, Virtual Systems protect internal networks, much in the same manner as Security
Gateways and other Check Point products in a physical network. This section presents several sample VSX
deployments using Virtual Systems to protect internal networks.
Each example highlights certain VSX features. In an real-world deployment, you can combine several of the
concepts presented in these examples to create a powerful network security solution for complex enterprise
environments.
Physical Internal Interface for Each Virtual System
The figure below shows a basic VSX configuration where Virtual Systems connect directly to protected
internal networks using physical interfaces on the VSX gateway. A Virtual Switch provides connectivity
between internal networks, as well as to the Internet. This deployment is simple to provision and is suitable
for protecting a small, fixed quantity of internal networks.
The main disadvantage of this deployment is that each protected network requires its own dedicated
physical interface on the VSX gateway. Obviously, this deployment is not suitable for networks that require
many Virtual Systems.
Figure 11-32 Physical interface per Virtual System
Virtual Systems with Internal VLAN Interfaces
In this deployment example, Virtual Systems connect to internal protected networks using VLAN interfaces.
The VSX gateway connects to a VLAN switch via an 802.1q VLAN trunk, which is an aggregate of all VLANs
passing through it.