40VS
Networking
[Restricted] ONLY for designated groups and individuals 2012 Check Point Software Technologies Ltd.
Course Timetables
14:00
VSX Networking GW Implementation
15:00
Meeting with Check Point R&D
16:00
VSX CoreXL Affinity &
Debug & Troubleshooting
Memory RC
17:00
VSX features
Overlapping IP space support
Internet
Each Virtual Device provides end-to-end separation of Network and Security Infrastructure.
Customer D
10.10.10.0/24
Customer A Customer C
Customer B 10.10.10.0/24
10.10.10.0/24
10.10.10.0/24
Inter-VS Routing
802.1q
Application Servers
Virtual Switch
802.1q
Database Servers
Virtual Router
Web Servers
Both Web and Application Servers require services from the Database servers.
Each service requires different security handling.
Each VS handles the specific security requirements of the segment.
Virtual Switches and Routers facilitate inter VS connectivity.
Unnumbered interfaces
Warp Links
P-T-P connections
Reducing the system's overall IP addresses
192.168.1.1 172.169.1.1 192.150.2.1 200.128.4.1
Internal Interface
Unnumbered interfaces borrow an IP address from one of the VS's interfaces
Unnumbered interfaces limitations
Routes Propagation
Virtual Switch
Requires the VS to be connected to VR or VSW
Propagating routes to Virtual Router
Propagating routes through Virtual Switch
Routes Propagation
Network Address Translation in VSX
Virtual Router
Some configuration required when connected to VR
Network Address Translation in VSX
Virtual System connected to a Virtual Switch.
4.0.0.1
192.168.8.1
192.168.8.9
4.0.0.9
192.168.8.9
4.0.0.9 192.168.8.9
Source-Based Routing
EVR
IVR
192.168.50.4
192.168.50.1
VR forwarding routing based on source IP address.
Source-Based Routing
10.50.50.2/24
10.1.1.2/24
10.100.100.2/24
Deployment scenarios
Inter-VS connectivity, without an external connection
Interconnect Virtual Systems
No shared interface
Only allowed with VSW
Virtual Switch
Source-based routing with Virtual Switches
Source-Based Routing
10.1.1.2/24
10.100.100.2/24
Allowing Customer to manage its security #1
Customers want to manage their own security policy.
VSX Management interface
Allowing Customer to manage its security #2
network. interface
Internet Internet
VSX VSX
Thank you!
Please proceed to labs 2 and 3.