Technical data

VSX Architecture and Concepts
Check Point VSX Administration Guide NGX R67 | 22
Unnumbered Interfaces
VSX allows you reduce the number of IP addresses required for a VSX network deployment when using one
or more Virtual Routers. A Warp link connected to a Virtual Router can "borrow" an existing IP address from
another interface, instead of assigning a dedicated address to the interface leading to a Virtual Router. This
capability is known as an Unnumbered Interface.
Figure 2-7 Unnumbered interfaces
The above figure illustrates a topology using unnumbered interfaces. In this example, the external interfaces
for each Virtual System are unnumbered and borrow the IP address of the internal interfaces. Unnumbered
interfaces act as the next hop from the Virtual Router.
Unnumbered Interface Limitations
The following limitations apply to Unnumbered Interfaces:
Unnumbered interfaces must connect to a Virtual Router.
You can only "borrow" an individual interface IP address once.
In order to use VPN or Hide NAT, the borrowed address must be routable.
VSX Management Overview
Introduction
VSX supports two Check Point management models: Security Management and Multi-Domain Security
Management. Both models provide central configuration, management and monitoring for multiple VSX
gateways and Virtual Systems. The choice of management model depends on several factors, including:
The scale of the current deployment and anticipated expansion
Administrative requirements
Physical and operational requirements
Licensing restrictions
You can use either management model to manage "physical" Security Gateway together with VSX
gateways and Virtual Systems. You can also manage VPN communities and remote connections with either
model.