Technical data

Configuring VSX

Check Point VSX Administration Guide NGX R67 | 36

Important - This setting cannot be changed after you complete the VSX Gateway Wizard.

If you define a non-DMI gateway, you cannot change it to a DMI gateway later.

4. Define the IP address and Net Mask for a Virtual Router.

These options are not available for a Virtual Switch.

5. Optionally, define a Default Gateway for a Virtual Router (DMI only).

VSX Gateway Management

In the VSX Gateway Management window, define security policy rules that protect the VSX gateway. This

policy is installed automatically on the new VSX gateway.

Note - This policy applies only to traffic destined for the VSX gateway. Traffic destined for Virtual

Systems, other Virtual Devices, external networks, and internal networks is not affected by this

policy.

The security policy consists of predefined rules for these services:

 UDP - snmp requests

 TCP - ssh traffic

 ICMP - echo-request (ping)

 TCP - https (secure http) traffic

Configuring the Gateway Security Policy

1. Allow: Select to pass traffic on the selected services. Clear this option to block traffic on this service. By

default, all services are blocked.

For example, to be able to ping the gateway from the management server, allow ICMP echo-request

traffic.

2. Source: Click the arrow and select a Source Object from the list.

The default value is *Any. Click New Source Object to define a new source.