Manualshelf

Technical data

ManualsBrandsCheck Point Software Technologies ManualsNetworkingVSX-1 3070
171172173174175176177178179180
Deploying VSX
Check Point VSX Administration Guide NGX R67 | 173
Core Network Security
Many Enterprise environments are based on core networks. Situated adjacent to core network backbone
switches, VSX protects the internal network by providing security at layer-2, layer-3 or both. VSX
communicates with the core network using the existing infrastructure. With Virtual Systems in the Bridge
Mode, VSX can protect departmental networks, while simultaneously preventing network segmentation. In
this case, switches are located at the entrance to each department's network.
Figure 11-40 Core network deployment
VSX ensures connectivity between the core network and the Internet or external networks, while providing
perimeter security. Security can be configured on a per VLAN basis.
Dynamic Routing
The figure below presents a sample deployment of an enterprise network using dynamic routing protocols
(OSPF/BGP). VSX secures each DMZ service, VPN peer, Domain and partner network while providing
complete integration with dynamic routing protocols.
In this example, BGP neighbor updates in the routed core network are selectively redistributed to application
networks. OSPF provides connectivity between Virtual Routers, Virtual Systems, the core network and
application networks.
Figure 11-41 Dynamic routing