Technical data
Using VSX with Multi-Domain Security Management
Check Point VSX Administration Guide NGX R67 | 74
For More Information
For more information regarding licensing, refer to the Check Point User Center
(http://usercenter.checkpoint.com).
VSX Provisioning
The procedures for provisioning and configuring VSX gateways, clusters and virtual devices using the Multi-
Domain Security Management model are essentially the same as described for the Security Gateway
management model. The principle difference is that you must first create and configure each Domain and its
associated Domain Management Server objects using the SmartDomain Manager.
Each individual Domain Management Server is functionally equivalent to one Security Gateway. It has its
own SmartDashboard instance that you use to provision, configure and manage network objects and
security policies.
The steps for provisioning a VSX environment in using the Multi-Domain Security Management model are
as follows:
1. Define and configure Multi-Domain Server ("Defining an Additional Multi-Domain Server in the
SmartDomain Manager" on page 75) and Multi-Domain Log Server as appropriate for your deployment.
2. Create and configure a Domain ("Creating a New Domain Object" on page 76) and a main Domain
Management Server for each VSX gateway and/or VSX cluster using the SmartDomain Manager.
3. Create and configure VSX gateway ("Creating a New VSX Gateway" on page 32) and/or cluster objects
("Creating a New Cluster" on page 93) using the main Domain Management Server SmartDashboard.
Modify the default security policy for these objects if desired.
4. Define individual Domains and Domain Management Servers ("Creating a New Domain Object" on page
76) as required for your deployment.
5. Create and configure Virtual Systems ("Creating a New Virtual System" on page 42) and other virtual
devices for each Domain using that Domain's SmartDashboard.
Defining Multi-Domain Servers
This section briefly presents the procedures for installing and deploying Multi-Domain Server machines in a
VSX/Multi-Domain Security Management environment. For complete Multi-Domain Server installation and
definition processes, see the Installation Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=10327) and the Multi-Domain Security
Management Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=8741).
When working with management High Availability, you define at least two Multi-Domain Server machines.
You can also employ multiple Multi-Domain Server machines to efficiently distribute management traffic
(management Load Sharing) by creating multiple Domain Management Servers for individual Domains. For
Load Sharing, define a Domain Management Server for each Multi-Domain Server.
Installing a New Multi-Domain Server
To install and initially configure a new Multi-Domain Server, perform the procedures as summarized below.
For detailed procedures and explanations of the various options, please refer the High End Security Product
Suite Getting Started Administration Guide.
1. Install the Multi-Domain Server using the installation CD or installation file downloaded from the Check
Point Download Center. Make certain that you have superuser permissions.
a) On SecurePlatform, the installation routine runs automatically.
b) On Solaria and Linux platforms, navigate to the appropriate directory and execute the mds_setup
script.
2. Follow the instructions on the screen.
3. After the rebooting computer, enter the sysconfig command to perform the initial configuration.
Follow the instructions on the screen.