CCMSE NGX Plus VSX course will give you with an understanding of key concepts and skills necessary to effectively deploy and configure VPN-1 VSX, to control multiple customer sites. This course provides hands-on training for installing VSX on Secure Platform. You will configure Security Policies for multiple remote firewalls, using the Provider-1 NGX Multi-Domain GUI (MDG). You can also learn about managing multiple firewall-secured environments and Virtual Routers in a VSX configuration and using Virtual Systems. You will understand how to perform advanced configuration tasks such as establishing redundant VSX Gateways for High Availability functions.


Security managers, network engineers, or system administrators implementing VSX in an enterprise environment.


CCSE, CCMSE, CCSA or equivalent experience and knowledge.

Duration of the course: Part Time : N/A
Full Time : 3 Days (8 hours per day)

VPN-1 VSX Architecture and Deployment:

  • VSX Overview.
  • VSX Building Blocks.
  • Managing the VSX Gateway.
  • Clustering in VSX.
  • IP Address Allocation for VSX Implementation.
  • VSX Packet Flow and Routing.
  • Routing from Virtual System to Virtual System.
  • Overlapping IP Address-Space Support.

VSX Management Server Installation and Configuration:

  • VSX Management.
  • SmartCenter Management Model.
  • Provider-1 Management Model.
  • Check Point Licenses.
  • Upgrading Previous Deployments.
  • VSX NGX System Requirements.
  • Installing and Configuring VSX.
  • Installing Provider-1 NGX for VSX on a Secure Platform Machine.
  • Installing the Provider-1 NGX MDG on Windows.

VSX Gateway Installation and Configuration:

  • VSX Gateway's Virtual Topology.
  • Management of Virtual Devices.
  • Installing the VSX Gateway on SecurePlatform.
  • Unique State-Table Configuration.
  • Security Policy Separation.
  • Unique Configuration Parameters.
  • Management Virtual System.
  • VSX Interface Support.
  • External Virtual Routers.
  • Management Server Communication.
  • Provisioning and Network-Configuration Channel.
  • System Virtualization.
  • Advanced Routing Configurations.

VSX and Layer2 Communications:

  • Virtual Switch.
  • Virtual Switch in a Cluster.
  • Virtual Switch and Dynamic Routing using OSPF.

VSX and VLAN Tagging:

  • VLAN Technology.
  • VLAN Tagging.
  • VLAN Tag Composition.
  • VLAN Trunking and Membership.
  • Implicit/Explicit VLAN Membership.
  • VLAN Configuration in a VSX Environment.
  • Configuring Interfaces to Allow VLAN-Tagged Traffic.
  • Associating VLAN Traffic with specific Virtual Systems.

Deploying Virtual Systems in a Bridged Configuration:

  • Virtual System in Bridge Mode.
  • Security for Virtual Systems in Bridge Mode.
  • Clustering Virtual Systems in Bridge Mode (ClusterXL Only).

Configuring VSX Gateway High Availability:

  • VSX Gateway High Availability.
  • NGX and VSX Clustering.
  • VSX state Synchronization.
  • Synchronization Network.
  • Synchronization Modes.
  • Deploying Multiple VSX Gateways in an HA Environment.
  • Creating VSX Gateway and EVR Cluster Objects.
  • Completing VSX System Configuration.
  • Configuring Customer Clusters.

Working with Link Aggregation:

  • Link Aggregation Overview
  • Link Aggregation Terminology
  • How Link Aggregation Works
  • High Availability Overview
  • Load Sharing Overview
  • Bond Failover
  • Failover Support for VLANs
  • Bond Interface & Interface Limitations
  • Configuring the High Availability Bond
  • Updating the Interface Topology
  • Configuring the Load Sharing Bond
  • Setting Critical Required Interfaces
  • Setting Affinities

VSX Diagnostics and Troubleshooting:

  • General Troubleshooting Steps
  • Troubleshooting Specific Problems
  • Cannot Establish SIC Trust for Gateway or Cluster
  • SIC Trust Problems with New virtual devices
  • Re-establishing SIC Trust with Virtual Devices
  • Install Policy Error Using VSX Creation Wizard
  • Internal Host Cannot Ping Virtual System
  • Command Line Reference