Technical data

VSX Architecture and Concepts
Check Point VSX Administration Guide NGX R67 | 30
Limitations
Source-based routing does not support overlapping IP addresses.
Anti-spoofing protection is not effective for packets origination form a shared internal interface because
there is no physical or logical segregation of traffic. In this case, it is recommended that you deploy anti-
spoofing protection on the router itself.
NAT
Virtual Systems support Network Address Translation (NAT), much in the same manner as a physical
firewall. When a Virtual System, using either Static or Hide NAT, connects to a Virtual Router, you must
propagate the affected routes to the virtual router. To do so, you need to first define NAT addresses for
Virtual Systems connected to a Virtual Router.
The NAT configuration section ("Virtual System - NAT" on page 49) presents the configuration procedure for
NAT on Virtual Machines.
Dynamic Routing
Virtual Devices can communicate and distribute routes amongst themselves using dynamic routing. VSX
provides full layer-3 dynamic routing for Virtual Systems and Virtual Routers. The following unicast and
multicast dynamic routing protocols are supported:
OSPF
RIP-v2
BGP-v4
IGMP
PIM-SM
PIM-DM
Dynamic routing is configured and stored separately for each Virtual Device. Each Virtual Devices has its
own dynamic routing daemon.
VSX Clusters
A VSX cluster consists of two or more identical, interconnected VSX gateways that ensure continuous data
synchronization and transparent failover. Furthermore, Virtual System Load Sharing (VSLS) enhances
throughput by distributing Virtual Systems, together with their traffic load, amongst multiple, redundant
machines.
VSX supports the following cluster environments:
Check Point ClusterXL
Crossbeam X-Series Chassis
VSX supports the following Bridge Mode solutions for ClusterXL deployments:
STP Bridge Mode: Provides path redundancy while preventing undesirable loops between
redundant switches.
Active/Standby Bridge Mode: Provides full path redundancy and loop prevention, while offering
seamless support for Virtual System Load Sharing and overcomes many STP limitations.
The VSX Clusters chapter ("Introduction to VSX Clusters" on page 82) provides detailed conceptual
information, while the Cluster Management chapter ("Managing VSX Clusters" on page 93) provides
detailed configuration procedures, including instructions for enabling and using all VSX clustering features.
For more about Check Point ClusterXL features and functionality see the R75.20 ClusterXL Administration
Guide (http://supportcontent.checkpoint.com/documentation_download?ID=12265).