Technical data
Deploying VSX
Check Point VSX Administration Guide NGX R67 | 171
VSX, using the Active/Standby Bridge mode, can be incorporated into the distribution layer, enforcing the
security policy. This is illustrated in the following figure:
Figure 11-37 Active/Standby bridge mode - core network
The routers direct external, "dirty" traffic (typically from the Internet) to the appropriate Virtual System via a
segregated VLAN. Filtered, "clean" traffic exits the Virtual System via a separate segregated VLAN back to
the routers and on to internal destinations.
This deployment scenario is appropriate for very large enterprises.
Per Virtual System High Availability
With per Virtual System high availability, each Virtual System monitors its own interfaces for failure.
Figure 11-38 Virtual System failover
In this example, each cluster member contains three identical, synchronized Virtual Systems. The member
designated as M1 currently process traffic for all Virtual Systems. If VS2 fails on M1, it fails over to its peer in
M2. VS1 and VS3 continue to function normally on M1.
Virtual System Load Sharing (VSLS)
VSX clusters can efficiently balance network traffic load by distributing active virtual systems amongst
cluster members. This capability is known as Virtual System Load Sharing (VSLS).