Technical data

Deploying VSX
Check Point VSX Administration Guide NGX R67 | 169
Notes on this scenario:
Each Virtual System uses a public IP address to connect to the Virtual Switch
Each local network connected to a Virtual Router uses private IP addresses
This deployment does not support overlapping IP addresses
Anti-spoofing protection does not function for packets originating from the shared internal interface. We
recommend that you configure the internal physical router to perform anti-spoofing protection.
The Routing Concept section ("VSX Routing Concepts" on page 27) provides a detailed discussion of
routing options in VSX environments.
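The addressing notes above can be checked against a planned address list before deployment. The following is an added example, not part of the Check Point guide: the function name, the plan format and the sample addresses are constructed, and it assumes IPv4 and that "private" means the RFC 1918 ranges.

```python
import ipaddress
from itertools import combinations

# Assumption: "private" means the RFC 1918 ranges; anything else counts as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_rfc1918(net):
    """True if the whole network (or /32 host) lies inside an RFC 1918 range."""
    return any(net.subnet_of(r) for r in RFC1918)

def check_plan(vs_addresses, local_networks):
    """Return a list of findings; an empty list means the plan fits the notes."""
    findings = []
    seen = {}
    for name, addr in vs_addresses.items():
        host = ipaddress.ip_network(addr)          # bare address -> /32
        if in_rfc1918(host):
            findings.append(f"{name}: {addr} is private, expected a public address")
        if host in seen:
            findings.append(f"{name}: {addr} duplicates {seen[host]}")
        seen.setdefault(host, name)
    nets = {}
    for name, cidr in local_networks.items():
        net = ipaddress.ip_network(cidr, strict=False)
        nets[name] = net
        if not in_rfc1918(net):
            findings.append(f"{name}: {net} is not private address space")
    # Overlapping local networks are not supported in this deployment.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} and {b} overlap: {na} / {nb}")
    return findings

# Constructed sample plans (documentation and RFC 1918 addresses).
GOOD_VS = {"VS1": "203.0.113.11", "VS2": "203.0.113.12"}
GOOD_NETS = {"net-a": "10.1.0.0/16", "net-b": "192.168.20.0/24"}
BAD_VS = {"VS1": "203.0.113.11", "VS2": "172.16.5.1"}
BAD_NETS = {"net-a": "10.1.0.0/16", "net-b": "10.1.4.0/24", "net-c": "198.51.100.0/24"}

if __name__ == "__main__":
    for label, vs, nets in (("good", GOOD_VS, GOOD_NETS), ("bad", BAD_VS, BAD_NETS)):
        print(label, check_plan(vs, nets) or "no findings")
```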
Virtual Systems in the Bridge Mode
A Virtual System in the bridge mode implements native layer-2 bridging instead of IP routing. This allows
network administrators to easily and transparently deploy a Virtual System in an existing network topology
without reconfiguring the existing IP routing scheme. The figure below shows a scenario where each Virtual
System in the Bridge Mode protects a VLAN switched network.
Figure 11-35 Virtual Systems in Bridge Mode
Bridge Mode (on page 90) deployments are particularly suitable for large-scale clustered environments.
Cluster Deployments
This section presents several examples of cluster deployments that highlight important VSX features. The
discussion is intended to introduce these features as they relate to deployment strategy. Refer to the
conceptual discussion of cluster deployments ("Introduction to VSX Clusters" on page 82) for more
information.
Active/Standby Bridge Mode
The Active/Standby Bridge Mode provides path redundancy and loop prevention, while offering seamless
support for Virtual System Load Sharing and overcoming many Spanning Tree Protocol (STP) Bridge mode
limitations.
The following sections describe two cluster deployment scenarios using the Active/Standby Bridge Mode.