You may know already that long waited VSX with Software Blades support is finally out.
It is called now Check Point Virtual Systems. It is based on GAiA R75.40 and supports almost all Software Blades, except for Mobile Access Portal.
There are many other interesting features, such as physical-to-virtual conversion wizard and SNMP monitoring per VS.
Mind while it is GAiA based, clustering is only ClusterXL.
UPDATE: apparently it is not exactly OUT yet, nothing is available for download...
I have to imagine downloads aren't far behind. Watch the Check Point Twitter/Facebook account for updates.ReplyDelete
The Release notes and other R75.40VS docs are now available on User Center. The actual binaries can't be too far behind :)ReplyDelete
Sir, why if GAiA clustering soulution is only ClusterXL, why not VRRP? Could you explain, please?ReplyDelete
GAiA VSX only has ClusterXL for clustering, GAiA physical FWs can do both ClusterXL and VRRP.ReplyDelete
The reason for that is VSX to have ClusterXL as part of the core functionality. It is natively integrated with VSX, while VRRP always is an external clustering solution requiring additional configuration out of VSX ecosystem.
Even on Crossbeam, VSX is using ClusterXL within the chassis, with two chassis in VRRP HA. Too much hustle.
Thanks a lot Valeri!Delete
May be you help me may be not, but small story (cry from the heart :)) ) about my experience with R75.40VS
On last week I've made fresh install of R75.40VS to 21400 appliance (it was not in production and software was R67.10) and migrate to virtual environment my Power-1 9070 appliance. Cluster of 21400 working in VSLS mode, connected to two Cisco Nexus 7K. Configuration of 21400 24Gb RAM, 4 of 10G interfaces, 12 of 1G, 12 CPU cores. Using only firewall blade and monitoring blade, about 400k concurrent sessions sometimes it grows till 600k, just firewall and nat. Virtual system configured for 1.2M sessions. About 860 rules.
Now I have two strange issues:
1) One time in day or one time in two days, it stops working with DMZ subnets which connected via trunk 10G interface to Cisco Nexus 7k. When I looking with tcpdump on interfaces i see just arp requests and didn't see arp replies, but physicality all interfaces are up, but in same time this virtual system pass traffic, as usual, through all another interfaces except that DMZ 10G with many configured vlans (about 55 vlans). When i make switch-over "clusterXL_admin down", virtual system goes to another node and it started to work immediately as usual and only reboot of cluster node with hanged vs helps to solve that problem, and after reboot, vs migrate to just rebooted node because it has higher priority and works normally. In same time Sync interface is worked normally, I've tried install policies again, it not helps, tried to make this node active with "clusterXL_admin up", not help, tried to clear mac address table on switch and that 10G interface, I'm also tried to change priority on vs and same things happens again today, but on another 21400 connected to another switch. Can it be related with quantity of vlans on this 10G interface? I know that limitation of interfaces per virtual system 64, now it's 63 and 58 of them, vlans on that 10G interface. Or could you hint to me, which logs should I view, to find whats happened with it, because it first my experience with VSX, or what it can be?
2) Another strange thing or feature :)) or bug. When i create interfaces via dashboard, all interfaces has different subnet mask, in topology configuration, but on VS, when you check "fw getifs" all interfaces has same subnet mask 255.255.255.240, for all interfaces, but have correct route with correct netmask to subnet via device. What it could be? Or it's feature?
In any case thanks you!
You may want to install the very first HFA for R75.40VS. It addresses clustering issues as well as some other ones.
Thanks, I didn't saw it yet. After installation I'll inform you about results.Yesterday night I've found that only 10G trunk to DMZ switch is hanging, but 1G trunk on same switch works fine. Very strange issue))
Hotfix is not help to me, we opening case to checkpoint support. Thanks!
can i configure vsx using virtual image???ReplyDelete
i am using checkpoint via oracle virtualbox in gns3
You can try installing it from ISO, but that won't be a supported systemDelete