Technical data

VSX Architecture and Concepts
Check Point VSX Administration Guide NGX R67 | 23
Note - According to the Check Point EULA (End User License
Agreement), a Security Gateway can only manage security policies for
Virtual Systems belonging to a single legal entity. In order to manage
Virtual Systems belonging to multiple legal entities, you need to deploy
a Multi-Domain Security Management management solution with a
separate Domain Management Server for each legal entity. For more
information regarding Licensing, refer to your Check Point Reseller.
Security Management Model
The Security Management model is appropriate for enterprise deployments containing up to 25 Virtual
Systems. In this model, SmartDashboard connects to the Security Gateway, which in turn manages the VSX
gateway.'
The Security Gateway provides a single management domain with one object database to manage Virtual
Devices as well as other physical devices. Only one administrator at a time can use SmartDashboard to
provision Virtual Systems, and configure security policies.
Multi-Domain Security Management Model
Using the Multi-Domain Security Management model, administrators centrally manage multiple independent
networks, typically belonging to different Domains, divisions or branches. The Multi-Domain Server is the
central management node that controls the network and security policy databases for each of these
networks.
Each Domain network is managed by a Domain Management Server, which provides the full functionality
of a Security Gateway and can host multiple Virtual Systems, virtual devices and physical devices. The
server that manages the VSX gateway is the Main Domain Management Server.
Check Point recommends that each VSX gateway in a Multi-Domain Security Management deployment be
managed by its own, separate, Main Domain Management Server. A VSX gateway can host Virtual Systems
that are managed by different Domain Management Servers.
Figure 2-8 Multi-Domain Security Management Managing VSX
Description