Check Point VSX

Check Point VSX (Virtual System Extension) is a virtualization technology that creates multiple virtual systems (VSs) on a single physical appliance. Each VS operates as an independent firewall with its own policies, routing tables, interfaces, and network resources.


Enabling VSX

On the VSX Gateway, run “set vsx on” to enable VSX


Then on SmartConsole, select New » VSX » Gateway and enter the details


Now the VSX Gateway is up and running


Creating Virtual System

To add a VS, select New » VSX » Virtual System, give it a name and select the VSX Gateway


Then configure the interfaces and IP routes


After that, hit Finish


Now we have a Virtual System up and running


Policies

Here we create a new policy and set VS-1 as the installation target


Then we create a simple policy to allow internet access from the downlink nodes


Next, hit Install on the policy


On the client side, we now have internet access going through the VS-1 Firewall


Creating Second Virtual System

We now know the drill: repeat the process to create the second VS


For simplicity, we’ll use the same policy for VS-2


And we also have internet access now on the VS-2 clients


VSX Validation

On the VSX Gateway, run “vsx stat -v” to see the VS status


The command “vsx stat -l” gives a little more detail on these VSes


Run “vsenv” to switch between VS contexts; each context has its own configuration
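
A scripted version of the “vsx stat -v” check above, as an added example that is not part of the original post: it reads the status table and reports any Virtual System with no Access Control policy or a SIC state other than Trust. The column layout, the type letters, the function names and the sample rows are assumptions constructed for illustration; compare them with the output of your own release before relying on the field numbers.

```shell
#!/usr/bin/env bash
# Added example, not from the original post or from Check Point.
# Assumption: data rows of `vsx stat -v` are pipe-separated as
#   ID | Type & Name | Access Control Policy | Installed at | Threat Prevention Policy | SIC Stat
# Field numbers below follow that layout; adjust them if your release differs.

check_vsx_stat() {
  # Reads `vsx stat -v` output on stdin and prints one line per finding.
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Data rows start with a numeric ID in the first column.
    $1 ~ /^[ \t]*[0-9]+[ \t]*$/ && NF >= 6 {
      id = trim($1); name = trim($2); policy = trim($3); sic = trim($6)
      type = substr(name, 1, 1); sub(/^[A-Z][ \t]+/, "", name)
      # Assumed type letters: S = Virtual System, B = Virtual System in bridge mode.
      if ((type == "S" || type == "B") && (policy == "" || policy ~ /^</))
        printf "VS %s (%s): no Access Control policy installed\n", id, name
      if (sic != "Trust")
        printf "VS %s (%s): SIC state is \"%s\"\n", id, name, sic
    }'
}

# Constructed sample, not captured from a real gateway; values chosen to exercise both checks.
sample_vsx_stat() {
  cat <<'EOF'
 ID  | Type & Name | Access Control Policy | Installed at    | Threat Prevention Policy | SIC Stat
-----+-------------+-----------------------+-----------------+--------------------------+---------
   1 | S VS-1      | Standard              | 1Jan2024 10:00  | <No Policy>              | Trust
   2 | S VS-2      | <No Policy>           |                 | <No Policy>              | Trust
   3 | W VSW-1     | <Not Applicable>      |                 | <Not Applicable>         | No Trust
EOF
}

# On a gateway the input would come from: vsx stat -v | check_vsx_stat
sample_vsx_stat | check_vsx_stat
```

An empty result means every listed Virtual System has a policy and a trusted SIC state under the assumed layout.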



This post is licensed under CC BY 4.0 by the author.