Technical data

Configuring VSX
Check Point VSX Administration Guide NGX R67 | 49
VPN Domain: The VPN Domain defines the set of hosts located behind a given Virtual System that
communicate via a VPN tunnel with peer Virtual Systems. These options are only available if you
selected VPN in the Check Point Products section on the General Properties page.
When including a virtual device as part of a VPN connection, you must specify a VPN Domain. The
domain definition specifies Virtual System interfaces that are included in the VPN. You can define a VPN
Domain in one of two ways by enabling the appropriate option:
   All IP Addresses behind gateway based on topology information: Includes all hosts not located
   behind an external gateway cluster interface.
   Manually Defined: Includes all hosts in the selected network or group.
Virtual System - NAT
The NAT page allows you to configure NAT rules for packets originating from a Virtual System.
To enable and configure NAT for a Virtual System:
1. Enable the Add Automatic Address Translation option.
2. Select a translation method from the list.
   Hide NAT: Hide NAT only allows connections originating from the internal network. Internal hosts
   can access internal destinations, the Internet and other external networks. External sources cannot
   initiate a connection to internal network addresses.
   Static NAT: Static NAT translates each private address to a corresponding public address.
3. If you select Hide NAT, select one of the following options:
   Hide behind Gateway: hides the real IP address behind the Virtual System external interface IP
   address, or
   Hide behind IP Address: hides the real address behind a virtual IP address, which is a routable,
   public IP address that does not belong to any real machine.
4. If you selected Static NAT, enter the static IP address in the appropriate field.
5. Select the desired VSX gateway from the Install on Gateway list.
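The difference between the two translation methods in step 2, as an added example that is not part of the guide and does not reproduce Check Point's implementation: a simplified Python model in which the class names, the port-allocation scheme and all addresses are assumptions made for illustration.

```python
from ipaddress import ip_address

class HideNat:
    """Many-to-one model: all internal sources share hide_ip (the external
    interface IP or a virtual IP) and are told apart by translated port."""
    def __init__(self, hide_ip, first_port=10000):
        self.hide_ip, self.next_port = ip_address(hide_ip), first_port
        self.out = {}    # (src_ip, src_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public port, peer_ip, peer_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (ip_address(src_ip), src_port, ip_address(dst_ip), dst_port)
        if key not in self.out:                      # new connection: allocate state
            self.out[key] = self.next_port
            self.back[(self.next_port, key[2], dst_port)] = key[:2]
            self.next_port += 1
        return str(self.hide_ip), self.out[key]

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        # Only replies to a connection opened from inside have state to match.
        if ip_address(dst_ip) != self.hide_ip:
            return None
        hit = self.back.get((dst_port, ip_address(src_ip), src_port))
        return (str(hit[0]), hit[1]) if hit else None

class StaticNat:
    """One-to-one model: a fixed private<->public pair, usable in both directions."""
    def __init__(self, private_ip, public_ip):
        self.private_ip, self.public_ip = ip_address(private_ip), ip_address(public_ip)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        return (str(self.public_ip), src_port) if ip_address(src_ip) == self.private_ip else None

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        # No connection state needed: the mapping alone resolves the target.
        return (str(self.private_ip), dst_port) if ip_address(dst_ip) == self.public_ip else None

def demo():
    # Constructed sample addresses (RFC 5737 documentation ranges + RFC 1918).
    hide = HideNat("203.0.113.10")
    a = hide.outbound("10.1.1.5", 40000, "198.51.100.7", 443)
    b = hide.outbound("10.1.1.6", 40000, "198.51.100.7", 443)
    reply = hide.inbound("198.51.100.7", 443, "203.0.113.10", a[1])
    unsolicited = hide.inbound("198.51.100.99", 5555, "203.0.113.10", a[1])
    static = StaticNat("10.1.1.20", "203.0.113.20")
    ext_init = static.inbound("198.51.100.99", 5555, "203.0.113.20", 22)
    return a, b, reply, unsolicited, ext_init

if __name__ == "__main__":
    print(demo())
```

In this model the static mapping resolves an externally initiated connection at the translation layer, so exposure of a statically translated host is decided by the security policy rules rather than by NAT.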
Virtual System - IPS
Virtual Systems use the default protection profile. There are no configurable options here.
Virtual System - VPN
The VPN page contains a variety of configuration properties for Virtual Systems in site-to-site VPN
deployments. This window is only available if the Check Point VPN product is enabled on the General
Properties page.
Please refer to the online help and the R75 VPN Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=11675) for further details regarding
VPN concepts and configuration.