Please mind the Gap…and the VSwitch! – VSwitch in front of the VS0 Mgmt Interface is a bad idea!



Just a quick one to save some of you out there from the mistake I made:

When you create a new VSX Cluster object in the Smartdashbord it will ask you at some point if you want to create a Virtual Network device:


If you do the same mistake here that I made and place a Virtual Switch in front of your Mgmt Interface you are screwed ;)
As you can read at the bottom this configuration is not reversible. So you need to create a new VSX Cluster object and do all configuration again!

Why is a VSwitch in front of the Mgmt Interface a bad Idea? Short and simple:

– There is no benefit!
– If you do a cpstop you lose connectivity to the Mgmt port so you can only reactivate it via Console Port. Now think about troubleshooting scenarios where you need more than one session to the cluster while cpstoped the gateway -> not possible.

Checkpoint Calls this kind of Setup “None Direct Management Interface” (None DMI). You can find a couple of lines about this in the R76 VSX Admin Guide.

Just a small advise so that you dont have to feel like I did:



About SebastianB

read it in my blog
This entry was posted in Checkpoint and tagged , , , , . Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.