Technical data

ManualsBrandsCheck Point Software Technologies ManualsNetworkingVSX-1 3070

101

102

103

104

105

106

107

108

109

110

Managing VSX Clusters

Check Point VSX Administration Guide NGX R67 | 106

Please refer to the online help and the R75 VPN Administration Guide

(http://supportcontent.checkpoint.com/documentation_download?ID=11675) for further details regarding

VPN concepts and configuration.

Remote Access

The Remote Access page contains properties that govern establishing VPN connections with Remote

Access clients. This window is only available if the Check Point VPN product is enabled on the General

Properties page.

Please refer to the online help and the R75 VPN Administration Guide

(http://supportcontent.checkpoint.com/documentation_download?ID=11675) for further details regarding

VPN with Remote Access clients.

Authentication

The Authentication page allows you to enable several different authentication options ("Working with

Authentication" on page 63) for a VSX gateway.

Logs and Masters

The Logs and Masters page allows you define logging ("Tracking Activity with SmartView Monitor" on

page 69)options for a VSX gateway.

Capacity Optimization

The Capacity Optimization page allows you to maximize cluster and VPN throughput by limiting the number

of concurrent connections, the number of concurrent IKE negotiations, and the number of concurrent VPN

tunnels. To raise or lower the maximum, use the arrows in the appropriate field to set the desired value.

Cooperative Enforcement

Cooperative Enforcement works with Check Point Endpoint Security servers. This feature utilizes the

Endpoint Security server compliance capability to verify connections arriving from various hosts across the

internal network. The Cooperative Enforcement window contains several configuration properties for

defining this feature. For more information, please refer to the online help and the R75 IPS Administration

Guide (http://supportcontent.checkpoint.com/documentation_download?ID=11663).

Advanced Pages

The VSX Bridge Configuration page allows you to specify the loop detection algorithm when working in the

Bridge mode.

Enable the Check Point ClusterXL option to enable the Active/Standby Bridge mode loop detection

algorithms contained in ClusterXL.

Enable the Standard Layer-2 Loop Detection Protocols to use standard loop detection protocols, such as

STP or PVST+.

For more about SNMP, connection persistence and permissions to install policies, see the R75.20 Firewall

Administration Guide (http://supportcontent.checkpoint.com/documentation_download?ID=12267) and the

R75.20 IPS Administration Guide

(http://supportcontent.checkpoint.com/documentation_download?ID=12270).

Changing the Cluster Management IP and/or Subnet

You can change the cluster management IP address and/or subnet by executing the vsx_util

change_mgmt_ip ("change_mgmt_ip" on page 198) and vsx_util change_mgmt_subnet

("change_mgmt_subnet" on page 201) commands.