VSX Architecture and Concepts
Check Point VSX Administration Guide NGX R67 | 24
Item  Description
1     SmartDomain Manager
2     Multi-Domain Server
3     SmartDashboard
4     Domain Management Server
5     Main Domain Management Server
6     VSX Gateway
7     VSX Virtual System in Domain Management Servers
Using the SmartDomain Manager, you provision and configure Domains and Domain Management
Servers. Each Domain Management Server uses its own SmartDashboard instance to provision and
configure its Virtual Systems, virtual devices, and security policies.
Management Model Comparison
The following table summarizes the capabilities and differences between the two management models. The
capacity figures shown for Multi-Domain Security Management represent estimated, practical limits that will
sustain acceptable performance levels under normal conditions. Actual capacities and performance are
dependent on many factors, including deployed hardware, network topology, traffic load and security
requirements.
Table 2-1 VSX Management Model Comparison
Feature                    Security Management Server   Multi-Domain Security Management (Practical Limit)
Management Domains         1                            250
Concurrent Administrators  1                            250
Object Databases           1                            250
Policies                   250                          250
Certificate Authorities    1                            250
Virtual Systems            25 (recommended)             250
Management Server Communication - SIC
All communication between the management server and the VSX gateway is accomplished by means of
Secure Internal Communication (SIC), a certificate-based channel that authenticates communication
between Check Point components. The management server uses SIC for provisioning virtual devices, policy
installation, logging, and status monitoring.
SIC trust is initially established using a one-time password during configuration of the VSX gateway or
cluster members. For Multi-Domain Security Management deployments, SIC trust is established between
the Domain Management Server associated with the VSX gateway or cluster (Main Domain Management
Server).
Virtual devices establish trust in a different manner than their physical counterparts. When creating a virtual
device, VSX automatically establishes SIC trust using the secure communication channel defined between
the management server and the VSX gateway. The VSX gateway uses its management interface for Secure
Internal Communication between the management server and all virtual devices.