Just a quick one to save some of you out there from the mistake I made:
When you create a new VSX Cluster object in the Smartdashbord it will ask you at some point if you want to create a Virtual Network device:
If you do the same mistake here that I made and place a Virtual Switch in front of your Mgmt Interface you are screwed ;)
As you can read at the bottom this configuration is not reversible. So you need to create a new VSX Cluster object and do all configuration again!
Why is a VSwitch in front of the Mgmt Interface a bad Idea? Short and simple:
– There is no benefit!
– If you do a cpstop you lose connectivity to the Mgmt port so you can only reactivate it via Console Port. Now think about troubleshooting scenarios where you need more than one session to the cluster while cpstoped the gateway -> not possible.
Checkpoint Calls this kind of Setup “None Direct Management Interface” (None DMI). You can find a couple of lines about this in the R76 VSX Admin Guide.
Just a small advise so that you dont have to feel like I did: