User / maintenance manual for the VSX-1 9070 product from the manufacturer Check Point
20 February 2012 Administration Guide Check Point VSX NGX R67 Classification: [Protected].
© 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Contents
Important Information
Introduction to VSX
Product Names
Working with VSX Gateways
Creating a New VSX Gateway
Modifying VSX Gateway Definitions
VSX High Availability
VSX Gateway High Availability
Per Virtual System High Availability
Link Aggregation Overview
Link Aggregation Terminology
How Link Aggregation Works
Migrating from an Open Server to a VSX-1 Appliance
VSX Diagnostics and Troubleshooting
Introduction
Check Point VSX Administration Guide NGX R67 | 9
Chapter 1 Introduction to VSX
In This Chapter: Product Names, VSX Glossary, VSX Overview, How VSX Works, Key Features and Benefits, Typica.
VSX Glossary
Term: VSX
Definition: Virtual System Extension - Check Point virtual networking solution, hosted on a single computer or cluster containing virtual abstractions of Check Point Security Gateways and other network devices.
How VSX Works
Each "virtual" Security Gateway (known as a Virtual System in VSX terminology) functions as an independent firewall, protecting a specific network.
VSX Virtual Network Topology
The example shows how a single VSX gateway, in this case containing four Virtual Systems, protects all four networks.
VSX QoS Enforcement provides the ability to control network quality of service in the VSX network environment by supporting the Differentiated Services (DiffServe) protocol and assigning different transmission characteristics to different classes of service.
College campuses with many discrete networks for students, faculty and administration
Any other large organization requiring multiple firewalls
In each case, VSX provides access control, NAT, VPN, remote access, logging, and IPS services.
Chapter 2 VSX Architecture and Concepts
In This Chapter: Overview, The VSX Gateway, Virtual Devices, VSX Management Overview, VSX Traffic Fl.
Local Management Connection
When using a local management server (Security Management Server or Multi-Domain Sec.
Check Point recommends that remote management connections use a dedicated management interface (DMI) that connects directly to a router or switch that leads to the external network or the Internet.
Provisioning and logging may degrade user performance
Does not support several new VSX features
Non-DMI i.
A typical bridge mode scenario incorporates an 802.1q compatible VLAN switch on either side of the VSX gateway. The Virtual System interfaces do not require IP addresses and it remains transparent to the existing IP network.
Virtual Switches
By providing layer-2 connectivity, a Virtual Switch connects Virtual Systems and facilitates sharing a common physical interface without segmenting the existing IP network.
A Physical Interface connects the Virtual Switch to an external router leading to the Internet. VLAN Interfaces connect the Virtual Systems to the VLAN Switch, via a VLAN trunk.
Unnumbered Interfaces
VSX allows you to reduce the number of IP addresses required for a VSX network deployment when using one or more Virtual Routers.
Note - According to the Check Point EULA (End User License Agreement), a Security Gateway can only manage security policies for Virtual Systems belonging to a single legal entity.
Description
1 SmartDomain Manager
2 Multi-Domain Server
3 SmartDashboard
4 Domain Management Server
5 Main Domain Man.
VSX Traffic Flow Overview
A VSX gateway processes traffic according to the following steps: Context determinatio.
Connection via a Virtual Switch
Traffic arriving via a Virtual Switch passes to the appropriate Virtual System based on the destination MAC address, as defined in the Virtual Switch forwarding table.
Connection via a Virtual Router
Traffic arriving via a Virtual Router passes to the appropriate Virtual System based on entries in the Virtual Router routing table. Routing may be destination-based, source-based or both.
The figure below presents an example of how Virtual Systems connected to a Virtual Switch and a physical VLAN switch communicate with each other. In this example, a host in VLAN 100 sends data to a server located in VLAN 200.
Overlapping IP Address Space
VSX facilitates connectivity when multiple network segments share the same IP address range (IP address space).
Limitations
Source-based routing does not support overlapping IP addresses.
Anti-spoofing protection is not effective for packets originating from a shared internal interface because there is no physical or logical segregation of traffic.
High Availability
VSX provides for high system availability by ensuring transparent failover for VSX gateways and/or for individual Virtual Systems.
Chapter 3 Configuring VSX
In This Chapter: Overview, Working with VSX Gateways, Working with Virtual Systems, Working with Virtual Switches.
To use the VSX Gateway wizard:
1. Open SmartDashboard. If you are using Multi-Domain Security Management, open SmartDashboard from the Domain Management Server of the VSX gateway.
Shared Interface: Virtual systems share one external interface, but maintain separate internal interfaces.
Separate Interfaces: Virtual systems use their own separate internal and external interfaces.
Defining Physical Interfaces
In the VSX Gateway Interfaces window, define physical interfaces as VLAN trunks. The table shows the interfaces currently defined on the gateway machine.
Important - This setting cannot be changed after you complete the VSX Gateway Wizard. If you define a non-DMI gateway, you cannot change it to a DMI gateway later.
4. Define the IP address and Net Mask for a Virtual Router.
Completing the VSX Wizard
Click Next to continue and then click Finish to complete the VSX Gateway wizard. This may take several minutes to complete. A message shows successful or unsuccessful completion of the process.
Color - Color of the object icon as it appears in the Object Tree.
Secure Internal Communication - Check and re-establish SIC trust.
Check Point Products - Select Check Point products for this gateway.
VSX Gateway - Creation Templates
The Creation Templates page displays the creation template used to create the virtual systems for this Security Gateway.
VSX Gateway - Topology
The Topology page contains definitions for interfaces and routes between interfaces and virtual devices.
Interfaces
The Interfaces section defines interfaces and links to devices.
Note - If you wish to enable anti-spoofing protection when there are no routes pointing to internal networks, disable the Calculating topology option and modify the appropriate interface definitions to enable anti-spoofing.
VSX Gateway Recovery
In the event of a catastrophic VSX gateway failure, you can use the vsx_util command to restore the VSX gateway configuration as well as its virtual device configuration.
2. In the Network Objects tab, located in the Objects Tree, right-click Check Point and select New Check Point > VPN-1 Power VSX > Virtual System. The VSX Gateway Wizard opens, displaying the General Properties page.
Shared Interface or Separate Interfaces
The Virtual System Network Configuration page for the Shared Interface and Separate Interfaces templates appears as shown.
To configure the external and internal interfaces:
1.
To configure the external and internal interfaces:
1. Select the desired interfaces for the internal and external networks from the appropriate list. If the selected Interface is a VLAN interface, enter the same VLAN tag in both the external and internal VLAN Tag fields.
To configure the external and internal interfaces:
1. In the interface table, define interfaces. You can add new interfaces as well as delete and modify existing interfaces. To add an interface, click Add.
Completing the Definition
Click Next and then Finish to create the Virtual System. Please note that this may take several minutes to complete. A message appears indicating successful or unsuccessful completion of the process.
Virtual System - Topology
The Topology page contains definitions for Virtual System interfaces, routes and Warp links. Based on these interface settings, VSX automatically creates routes to Virtual Devices and the VSX gateway.
VPN Domain: The VPN Domain defines the set of hosts located behind a given Virtual System that communicate via a VPN tunnel with peer Virtual Systems. These options are only available if you selected VPN in the Check Point Products section on the General Properties page.
Virtual System - Remote Access
The Remote Access page contains properties that govern establishing VPN connections with Remote Access clients. This window is only available if the Check Point VPN product is enabled on the General Properties page.
Virtual System - Advanced
These pages contain a variety of configuration options for SNMP, connection persistence and permissions to install policies.
Defining the General Properties
The General Properties page contains properties that identify the Virtual Switch and the VSX gateway or cluster to which it connects.
Virtual Switch - General Properties
The General Properties page allows you to add comments and change the icon color as displayed in SmartDashboard.
Virtual Switch - Topology
The Topology page defines Virtual Switch interfaces.
You can define Virtual Routers for both external and internal communications. A Virtual Router that connects to external networks, including a DMZ and the Internet, is referred to as an external Virtual Router.
Creating a New Virtual Router
You use the Virtual Router Wizard to create a new Virtual Router. You can modify the initial definition and configure advanced options after completing the wizard.
To add an interface, click Add. The Interface Properties window opens. Select an interface from the list and define the IP address, net mask and other properties.
Virtual Router - Topology
The Virtual Router Network Configuration page defines the network topology for the Virtual Router. For an external interface, you define one or more shared external interfaces and a default gateway.
Deleting a Virtual Router
You cannot delete a Virtual Router if it is still connected to a Virtual System.
2. Click Add to define a new rule or Edit to modify an existing rule. The Add/Edit Route Rule window appears.
Working with Interface Definitions
All VSX gateways and Virtual Routers and Virtual Switches contain at least one interface definition. Typically, you define the interfaces during the process of configuring the topology for a given object.
Configuring Connections Leading to Virtual Routers
The General tab for interface connections leading to Virtual Routers contains connection properties specific to Virtual Routers.
External: The interface leads to external networks or to the Internet.
Internal: The interface leads to internal networks and/or a DMZ and includes the following properties:
Not Defined: IP routing is not defined for this device.
6. Close the window and save the definition.
7. Add a rule to the Rule Base that allows traffic for the specified multicast groups and install the policy.
SecurID
SecurID requires users to possess a token authenticator and to supply a password. Token authenticators generate one-time passwords that are synchronized to an RSA ACE/server.
Private: Servers are accessible from Virtual Systems
In both instances, the SecurID ACE/Server sends a shared key (called a "node secret") to its peer ACE/Clients. This key is unique per IP address, and is sent once for each IP address.
CLIENT_IP=<Virtual System cluster IP>
3. Perform cpstop/cpstart.
Perform the following procedure on all cluster members:
4.
2. Open $FWDIR/conf/cpauthd.conf, on the VSX Gateway machine using a text editor.
3. Add or modify the following attributes according to the table:
Attribute: clauth_port; Default Value: 259; Explanation: The TCP port on which client authentication over TELNET is done.
Configuring Authentication for Specific Virtual Systems
To configure client/session authentication for the VSX Gateway:
1. Back up $FWDIR/CTX/CTX#/conf/cpauthd.conf, where CTX# refers to the specific Virtual System directory.
Configuring NAT
You configure NAT using the NAT page in the Virtual System window. Hide or Static NAT addresses configured in this manner are automatically forwarded to the Virtual Router to which the Virtual System is connected.
Chapter 4 Using VSX with Multi-Domain Security Management
You can manage a VSX deployment using Multi-Domain Security Management. This chapter assumes that you are familiar with the Multi-Domain Security Management product.
Description
1 SmartDomain Manager
2 Multi-Domain Server
3 SmartDashboard
4 Domain Management Server.
Multi-Domain Log Server licenses are available in packs of 10, 25, 50, 100 and 250.
Limitations of VSX/Domain Management Server Bundle Licenses
Bundle licenses only cover Virtual Systems. If you wish to mix physical devices (Security Gateways, etc.
For More Information
For more information regarding licensing, refer to the Check Point User Center (http://usercenter.
Note - You must always define the first Multi-Domain Server as the primary Multi-Domain Server. Each additional Multi-Domain Server must be defined as a secondary Multi-Domain Server.
Status Checking Interval: Interval in seconds between Multi-Domain Server/Domain Management Server status checks (Default = 300).
Secure Internal Communication Trust: Click Communication to open the 3.
Domain Properties Page
Enter the Domain or business entity name, contact person name and contact p.
Global Objects
When assigning a global policy to a Domain Management Server, you can choose to assign all global objects or to assign only those objects required by the global policy Rule Base.
To assign permissions:
1. Select an administrator in the Not Assigned column and click Add or select an administrator in the Assigned window and click Permissions.
To assign a predefined GUI client to this Domain, select one or more GUI clients or groups from the Not Assigned column and click Add. The GUI client moves to the Assigned column.
Modifying Existing Domains and Servers
To modify existing Domains and Domain Management Servers, double-click the object in the SmartDomain Manager General - Domain Contents view.
Chapter 5 Introduction to VSX Clusters
This chapter presents a conceptual overview of VSX cluster deployments, with emphasis on clustering features and their application.
Internal networks send traffic destined for the Internet or external networks, to the cluster IP address. This traffic is processed by the designated cluster member, inspected, and forwarded to its external destination.
VSX Cluster Architecture
VSX IP address allocation is similar to physical networks. Both real and virtual IP addresses are required for network connectivity (internal and external), management, and state synchronization.
VSX High Availability
This section describes VSX high availability features.
Note - The following virtual devices are not supported when the Per Virtual System state is enabled: Virtual Router.
VSLS allows the administrator to either manually place specific Virtual Systems on specific cluster members, or allow the system to determine the dispersal configuration automatically.
Virtual System States
VSLS adds a backup state to the existing active and standby states. The backup state contains the latest configuration settings for each Virtual System, but does not receive state table synchronization.
Systems, which are fully synchronized with their active peers, change immediately to the active state and preserve active connections. At the same time, the backup Virtual Systems switch to standby, and synchronize fully with the newly active Virtual Systems.
Failure Recovery
When the failed cluster member or Virtual System comes back online, the system returns to its original load sharing configuration.
Deployment Scenarios
This section presents illustrative Active/Standby Bridge mode deployments, which cannot function using a standard STP Bridge mode configuration.
VSX, using the Active/Standby Bridge mode, is incorporated into the distribution layer, enforcing the security policy.
Chapter 6 Managing VSX Clusters
This chapter presents the procedures for configuring VSX in various cluster deployment scenarios.
Defining Cluster General Properties
The Cluster General Properties page contains basic identification properties for VSX gateways. This window contains the following properties:
VSX Cluster Name: Unique, alphanumeric for the cluster.
You always have the option of overriding the default creation template when creating or modifying a Virtual System
The ava.
To add a new member:
1. In the VSX Cluster Members window, click Add. The Member Properties window opens.
2. Enter a unique member name and its IP address in the appropriate fields.
Configuring Cluster Members
If you selected the custom configuration option, the VSX Cluster Members window appears. In this window, you define the synchronization IP address for each member.
TCP: https (secure http) traffic
Configuring the Cluster Security Policy
1. Allow: Enable a rule to allow traffic for those services for which you wish to allow traffic.
General Properties
Use the General Properties page to view general properties and to activate Check Point products for use with this cluster and its members.
Cluster Members
The Cluster Members page enables you to view and/or modify several properties for individual cluster members, including IP addresses for members and the internal communication network.
Where Used
Click Where used to display information relating to the selected member in the objects database. The following data appears in the window:
Name: Cluster name.
Creation Templates
The Creation Templates page displays the creation template used to create Virtual Systems.
Topology
The Topology page contains interface and routing definitions.
Interfaces
The Interfaces section defines interfaces and links to devices. You can add new interfaces as well as delete and modify existing interfaces.
2. In the Route Configuration window, modify the IP address, net mask and next hop parameters as necessary.
3. Enable or clear the Propagate route to adjacent Virtual Devices option as necessary.
In the Set VPN Domain window, select a VPN domain from the list or click New to define a new domain. Click OK in both windows to continue.
NAT
The Advanced page allows you to configure NAT for Virtual Systems connected to a Virtual Router.
Please refer to the online help and the R75 VPN Administration Guide (http://supportcontent.checkpoint.com/documentation_download?ID=11675) for further details regarding VPN concepts and configuration.
Changing the Internal Communication Network IP
You can change the internal communication network IP address by using the vsx_util change_private_net ("change_mgmt_private_net" on page 198) command.
8. Reboot the new member. If the cluster is running in the VSLS mode, run vsx_util vsls to redistribute Virtual Systems to the newly added member.
section of the R75 SecurePlatform Administration Guide (http://supportcontent.
Notes to the Upgrade Process
You only need to run the vsx_util upgrade command once for each VSX cluster. You must, however, run the vsx_util reconfigure command for each cluster member.
2. Re-initialize the members using the cpstop and cpstart commands.
Converting the Cluster
To convert the cluster to HA:
1. Execute the vsx_util convert_cluster command.
2.
vsx_util convert_cluster
*************************************************
Note: the operation you are about to perform changes the information in the management database. Back up the database before continuing.
Configuring New Cluster Members
To configure members for VSX gateway high availability:
1.
Enabling the Per Virtual System State Mode
The Per Virtual System State mode enables active Virtual Systems to be placed on different cluster members, and for Virtual System-specific failover.
6. Export VSLS configurations to comma separated value (CSV) text files
7. Export and import VSLS configurations from/to comma separated value (CSV) text files
To work with the vsx_util vsls command:
1.
Automatically assign weights only to Virtual Systems. This method prompts you for a weight for each Virtual System and then automatically updates the settings.
Manually assign both priorities and weights to individual Virtual Systems.
Virtual System Priority
Virtual System priority refers to a preference regarding which member hosts a Virtual System's active, standby, and backup states. This preference is expressed as an integer value, as shown in the following table.
VSLS Configuration File
The VSLS configuration file is a comma separated value (CSV) text file that contains configuration settings for all Virtual Systems controlled by a management server.
command enables the action and the next occurrence disables it. These options allow you to efficiently debug very long configuration files by displaying or logging only suspicious sections of the data.
Managing VSX Clusters Check Point VSX Administration Guide NGX R67 | 120 Enabling STP Bridge Mode when Creating Member W hen creating a new VSX gateway for use as a cluster mem ber, configure the following cluster opt ions during the initial config uration process ( sysconfig or cp config ): 1.
Managing VSX Clusters Check Point VSX Administration Guide NGX R67 | 121 Configuring a Cluster f or PVST+ Load Shar ing To configure a VSX c luster for PVST+ load s haring, perform the procedures described in the ST P Bridge Mode section (" ST P Bridge Mode " on pag e 119 ).
Managing VSX Clusters Check Point VSX Administration Guide NGX R67 | 122 Configuring V irtual Systems for Active/S tandby Bridge Mode To configure a Virtual System to use the Bridge m ode, you m ust define it as a Virtual S y stem in the Bridge mode when initiall y creating it.
Source Cluster MAC Addresses
Cluster members use CCP to communicate with each other. In order to distinguish CCP packets from ordinary network traffic, CCP packets are given a unique source MAC address.
To enable monitoring of all VLANs, enable the fwha_monitor_all_vlans property in $FWDIR/boot/modules/fwkern.conf.
Note - Monitoring all VLANs is enabled automatically when the Per VLAN state option is enabled.
--------- Launch the Dynamic Routing Module
vsx1:0]# router
ER0 999 Unable to connect to host 'localhost'!
ER0 999 Dy.
Chapter 7 Working with URL Filtering
In This Chapter: Introduction, Configuring URL Filtering
Introduction
Access to the Internet can expose.
Following category assignment, the Web Filtering engine then blocks or allows the traffic according to one or more o.
Note - The URL database also includes IP addresses. By default, all IP addresses are allowed, even if included in the Allow or Block lists.
Performing Manual Updates
To perform a manual database update: 1. On the Database Updates page in the SmartDashboard Content Inspection tab, click Update databases now. The Update Databases wizard opens.
Chapter 8 Working with Link Aggregation
In This Chapter: Link Aggregation Overview, Configuring Link Aggregation for High Availability, Link .
How Link Aggregation Works
A bond contains a minimum of one and may contain up to eight slave interfaces. All slave interfaces contained in a bond share a common IP and MAC address.
In this scenario:
Member-1 and Member-2 are cluster members in the High Availability mode
S-1 and S-2 are s w.
2. The bond initiates failover to a standby interface. Since this is a failover within the bond, the status of the other cluster member is unaffected.
Up to eight interfaces can be defined in a Link Aggregation deployment.
Configuring Link Aggregation for High Availability
This section explains how to create a new High Availability Link Aggregation deployment.
pimreg eth5 eth6
3. Repeat this process for each member.
Verifying that the Bond is Functioning Properly
After installation or failover, it is recommended to verify that the bond is up, by displaying bond information.
Defining the Interface Bond
When the slave interfaces are without IP addresses, define the bond: 1. Start the SecurePlatform configuration utility: sysconfig 2. Select Network Connections.
Reconfiguring the Bond using SmartDashboard
To configure the newly created bond: 1. In the SmartDashboard navigation tree, double-click the VSX gateway or cluster object.
802.3ad - includes LACP and is the recommended mode, but some switches may not support this mode.
XOR.
In Load Sharing mode, all the interfaces of a bond must be connected to the same switch.
b) Enter 2 and configure the following settings as required: MII Monitoring Interval: Specifies the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures.
bond1 3
In this case bond0 would be considered down when three of its interfaces have failed.
Creating the Cluster. Define the cluster object ("Creating a New Cluster" on page 93) using SmartDashboard.
2) [x]eth1 4) [_]eth3 6) [_]eth5
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 6.
If a smaller number of interfaces will be able to handle the expected traffic, you can increase redundancy by explicitly defining the number of critical interfaces.
Verifying that the Bond is Functioning Properly
After installation or failover, it is recommended to verify that the bond is up, by displaying bond information. 1.
5. Install the policy.
Configuring Cisco Switches for Load Sharing
These are sample configuration commands for Cisco switches.
To enslave new interfaces to an existing bond: 1. At the VSX Gateway or cluster member, run sysconfig. 2. Select Network Connections. 3. Select Configure Connection.
Removing a Bond Interface from Virtual devices
You must remove the bond from all virtual devices that connect to it (Virtual Systems, Virtual Routers, Virtual Switches).
Changing an Existing Interface to a Bond
The following sample scenario demonstrates the procedure for configuring an existing VSX cluster to use a Link Aggregation bond.
connections may cause physical loops where packets are continuously forwarded (or even multiply) in such a way that the network will ultimately crash.
Chapter 9 Optimizing VSX
In This Chapter: VSX Resource Control, QoS Enforcement
VSX Resource Control Overview
VSX Resource Control allows ad.
Virtual System Priorities
VSX Resource Control uses a weight factor to assign priorities to Virtual Systems. The weight factor is expressed as an integer between one and 100, that indicates a particular Virtual System's priority in relation to other Virtual Systems.
Assigning Priorities to Virtual Systems
Assigning Virtual System priorities requires editing the Resource Control configuration file $FWDIR/conf/resctrl on the VSX gateway or on each cluster member.
[Expert@rescon:0]# fw vsx resctrl stat
Virtual Systems CPU Usage Statistics
====================================
Number of CPUs/Hyper .
Without QoS Enforcement, all these different traffic types are given equal priority on the VSX gateway and are handled in a simple FIFO (first in-first out) manner. When the VSX gateway is congested, all traffic types suffer the same degree of latency and drops.
QoS Features
Two main features of QoS are resource allocation and latency control.
Resource Allocation
System resources are allocated by assigning different weights to different classes of service.
One or more DSCP values. The Differentiated Services code point
Priority and LLQs
If there are multiple LLQ classes, packets are handled in a strict priority-based manner.
Argument: weight
Value: This value is used only for classes of type "reg". It determines the relative portion of the resources that the class will receive in relation to other weighted classes.
Statistics values are reset after each query. Statistics should be presented periodically with intervals less than 1 minute. It is recommended to use the watch command to periodically present the statistics.
cpqos class add Platinum type llq prio 2 dscp 32
cpqos class add Gold type reg prio 3 weight 100 dscp 26
cpqos class add Silver type r.
3. Statistics example. The following command lists statistics for the previously defined classes:
class priority type weight rx .
Chapter 10 Hardware Health Monitoring
SecurePlatform enables a number of hardware health monitoring capabilities for Check Point appliances and for open servers.
RAID Monitoring with SNMP
The health of disks’ RAID array can be monitored using the SecurePlatform SNMP monitoring daemon. SNMP traps can be set to fire once an OID value is in breach of a configurable threshold.
Physical Disks information | OID | Comment
Revision | .7 |
Size | .8 | Maximum supported LBA (Logical Block Addressing)
State .
VSX-1 3070
cp_monitor 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.1.0 > 80 20 "M/B Temp is too high"
cp_monitor 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.2.0 > 100 20 "CPU Temp is too high"
cp_monitor 1.
UTM-1 130
cp_monitor 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.1.0 > 80 20 "M/B Temp is too high"
cp_monitor 1.3.6.1.4.1.2620.1.6.7.8.1.1.3.2.0 > 90 20 "CPU Temp is too high"
UTM-1 270
cp_monitor 1.
Chapter 11 Deploying VSX
In This Chapter: Introduction, Internal Network Deployment Strategies, Organizational Deployment Strategies, Migrat.
VSX Virtual System Deployment Strategies
In a VSX environment, Virtual Systems protect internal networks, much in the same manner as Security Gateways and other Check Point products in a physical network.
This deployment option is appropriate for environments where many Virtual Systems protect many internal networks with a single VSX gateway or cluster.
Note to this scenario:
Each Virtual System uses a public IP address to connect to the Virtual Switch
Each local network c.
VLAN Shared Interface Deployment - Active Standby Bridge Mode
In this scenario, each individual member connects to a pair of redundant switches via a VLAN trunk. All Virtual Systems in a given member share the same VLAN trunk.
VSX, using the Active/Standby Bridge mode, can be incorporated into the distribution layer, enforcing the security policy.
The figure below illustrates a deployment scenario with three cluster members, each containing three Virtual Systems. In this configuration, an equalized load sharing deployment might have one active Virtual System on each cluster member.
Core Network Security
Many Enterprise environments are based on core networks. Situated adjacent to core network backbone switches, VSX protects the internal network by providing security at layer-2, layer-3 or both.
Perimeter Security
In the figure below, security is enforced on a per-VLAN basis. The OSPF and BGP Dynamic routing protocols provide connectivity to multiple security zones along the perimeter.
VSX and Multi-Domain Security Management provide a centralized, granular provisioning system for a number of Domains. Applications and services are separated by discrete Virtual Systems.
Data Centers
Data center providers supply external hosting services for Domain servers and databases. The service typically includes infrastructure, connectivity, and security for multiple Domains.
Migrating from an Open Server to a VSX-1 Appliance
Check Point VSX-1 appliances use different interface names than Open Server platforms (SecurePlatform, Linux).
Please select one of the following interfaces to be replaced:
1) lan0
2) lan1
Enter your choice:2
Please select one of the following in.
Chapter 12 VSX Diagnostics and Troubleshooting
In This Chapter: Introduction, General Troubleshooting Steps, Troubleshooting Specific Problem.
c) Examine connectivity status using standard operating system commands and tools such as: ping, traceroute, tcpdump, ip route, ftp, etc. Some of these run according to context (i.
Possible Causes: Time or time zone mismatch between the management and the gateway.
How to Resolve: For proper SIC operation, the time, date and time zone must be synchronized between the management server and gateways/cluster members.
Possible Causes: Missing or invalid VSX gateway/cluster licenses.
How to Resolve: Run fw vsx stat on all gateways, and make sure that the output says Number of Virtual Systems allowed by license: is greater than 0.
Chapter 13 Command Line Reference
In This Chapter: Firewall Commands, VSX Command, Link Aggregation CLI Commands, VSX Resource Control Co.
fw monitor
Description: Captures network packets at multiple points within the VSX environment. You can only run one instance of this command at a time on a VSX gateway. This section only presents the syntax relevant for VSX gateways or clusters.
Description: Displays state tables for a specific Virtual System. State tables are used to store state information that Virtual Systems use to correctly inspect packets.
Parameters
[-vs vsid | vsname]: Specify a Virtual System by name or by ID.
Argument: -c
Description: Cluster mode, get policy from one of the cluster members, from the Check Point High Availability (CPHA) kernel list.
Argument: -i
Description: Ignore SIC information (for example, SIC name) in the database and use the information in conf/masters.
VSX Command
This section describes the vsx commands.
Note - fw6 vsx commands are not supported. Because all IPv6 commands require a corresponding IPv4 connection, fw6 vsx commands are not necessary.
Description: Fetches the most current configuration files from the Main Domain Management Server, and applies it to the VSX gateway.
Output:
fw vsx fetch
Fetching VSX Configuration From: 10.
Description: Sets current context to the specified Virtual System by name or ID.
Parameters
VSname or vsid: Virtual System name or ID. If no value is entered, the context is set to the VSX gateway.
Description: Displays VSX status information.
VSX Gateway Status
==================
Name: MyGateway
Security Policy: MyGateway.
vsx sic reset
Description: Resets SIC for the specified Virtual System
Syntax: vsx sic reset {vsname|vsid}
Parameters
vsname|vsid: Specify the Virtual System name or ID.
Report Results
Required slave interfaces as explained in ("Setting Critical Required Interfaces" on page 139).
The Status column can contain the following values: Down (Load Sharing mode only) - the physical link is down.
vsx resctrl enforce
Description: Configures the Resource Control Enforcer and shows its current status. This command overrides the settings in the Resource Control configuration file, but does not survive reboot.
vsx resctrl start
Description: Initializes Resource Control. Use this command after changing the weights of the Virtual Systems in the configuration file.
Virtual Systems CPU Usage Statistics
====================================
Number of CPUs/Hyper-threading: 2
Monitoring activ.
Description: Performs various VSX maintenance tasks. You run this command from the expert mode on the management server (Security Management Server or a Main Domain Management Server in a Multi-Domain Security Management environment).
add_member_reconf
Description: Restores VSX configuration after adding a cluster member
Syntax: vsx_util add_member_reconf I.
7. When prompted, select the interface to be replaced. 8. When prompted, select the replacement interface. a) You can optionally add a new interface by selecting "Enter new interface name".
Description: Changes the cluster internal communication network IP address
Comments: We recommend that you back up the management database before using this command.
Syntax: vsx_util change_interfaces
Comments: This command is interactive. Follow the instructions on the screen.
issue and then run the vsx_util reconfigure ("reconfigure" on page 201) command to complete the process.
Description: Restores a VSX configuration to a newly installed gateway or cluster member
Comments: This command is also useful for restoring a gateway or cluster member after a system failure.
Description: Displays selected interface information in a VSX deployment. Provides information regarding interface types, connections to virtual devices, and IP addresses. The output appears on the screen and is also saved to the interfacesconfig.
Interfaces configuration table:
+-------------------------+--------------+-----------------------------+
|Interfaces |Mg.
+-------------------------------------------------------+-----+---------+
|Routes |Mgmt |VSX GW(s)|
+---------------+.
Description: Displays the Virtual System Load Sharing Menu, which allows you to perform a variety of configuration tasks for Load Sharing deployments.
cphaprob state
cphaprob [-a] [-vs vsid] if
The following commands are NOT applicable for 3rd party:
cphaprob -d <devic.