Technical data

Managing VSX Clusters

Check Point VSX Administration Guide NGX R67 | 125

--------- Launch the Dynamic Routing Module

vsx1:0]# router

ER0 999 Unable to connect to host 'localhost'!

ER0 999 Dynamic Routing is not supported on VSX gateway/cluster

Use 'vrf-connect' to enter specific Virtual System

(disconnected)>vrf-connect 1

localhost.localdomain- VRF-1>enable

localhost.localdomain- VRF-1#configure terminal

--------- Enable OSPF and provide an OSPF router ID

localhost.localdomain- VRF-1(config)#router ospf 1

localhost.localdomain- VRF-1(config-router-ospf)#router-id

192.168.116.10

localhost.localdomain- VRF-1(config-router-ospf)#restart-type [

graceful | signaled ]

localhost.localdomain- VRF-1(config-router-ospf)#redistribute

kernel

--------- Define interfaces/IP addresses on which OSPF runs (Use

the cluster IP

localhost.localdomain- VRF-1(config-router-ospf)#network

1.1.10.10 0.0.0.0 area 0.0.0.0

localhost.localdomain- VRF-1(config-router-ospf)#network

1.1.10.20 0.0.0.0 area 0.0.0.0

-------- Exit the Dynamic Routing Module

localhost.localdomain- VRF-1(config-router-ospf)#exit

localhost.localdomain- VRF-1(config)#exit

-------- Write configuration to disk

localhost.localdomain- VRF-1#write memory

IU0 999 Configuration written to '/etc/gated1.ami'

localhost.localdomain- VRF-1#\

The same configuration needs to be applied to each cluster member.

As the FIB Manager uses TCP 2010 for routing information synchronization, the Security Policy must accept

TCP 2010 to and from all cluster members. This is enabled as an implied rule.