Technical data
VSX Architecture and Concepts
Check Point VSX Administration Guide NGX R67 | 27
Connection via a Virtual Router
Traffic arriving via a Virtual Router passes to the appropriate Virtual System based on entries in the Virtual
Router routing table. Routing may be destination-based, source-based or both. Traffic arrives to the
designated Virtual System via its warp link.
Figure 2-11 Typical Virtual Router Scenario
Security Enforcement
Since each Virtual System functions as an independent Security Gateway, it maintains its own, unique
security policy to protect the network behind it. The designated Virtual System inspects all traffic and allows
or blocks it based the rules contained in the security policy.
Forwarding to Destination
Each virtual system maintains its own unique configuration and rules for processing and forwarding traffic to
its final destination. This configuration also includes definitions and rules for NAT, VPN, and other advanced
features.
VSX Routing Concepts
Routing Overview
The traffic routing features in VSX network topologies are analogous to those available for physical
networks. This section discusses several routing features and strategies as they apply to a VSX
environment.
Routing Between Virtual Systems
Virtual Routers and Switches can be used to forward traffic between networks located behind virtual
systems, much in the same manner as their physical counterparts.