CCMSE NGX Plus VSX course will give you with an understanding of key concepts and skills necessary to effectively deploy and configure VPN-1 VSX, to control multiple customer sites. This course provides hands-on training for installing VSX on Secure Platform. You will configure Security Policies for multiple remote firewalls, using the Provider-1 NGX Multi-Domain GUI (MDG). You can also learn about managing multiple firewall-secured environments and Virtual Routers in a VSX configuration and using Virtual Systems. You will understand how to perform advanced configuration tasks such as establishing redundant VSX Gateways for High Availability functions.

Audience:

Security managers, network engineers, or system administrators implementing VSX in an enterprise environment.

Prerequisites:

CCSE, CCMSE, CCSA or equivalent experience and knowledge.

Duration of the course: Part Time : N/A
Full Time : 3 Days (8 hours per day)

VPN-1 VSX Architecture and Deployment:

  • VSX Overview.
  • VSX Building Blocks.
  • Managing the VSX Gateway.
  • Clustering in VSX.
  • IP Address Allocation for VSX Implementation.
  • VSX Packet Flow and Routing.
  • Routing from Virtual System to Virtual System.
  • Overlapping IP Address-Space Support.

VSX Management Server Installation and Configuration:

  • VSX Management.
  • SmartCenter Management Model.
  • Provider-1 Management Model.
  • Check Point Licenses.
  • Upgrading Previous Deployments.
  • VSX NGX System Requirements.
  • Installing and Configuring VSX.
  • Installing Provider-1 NGX for VSX on a Secure Platform Machine.
  • Installing the Provider-1 NGX MDG on Windows.

VSX Gateway Installation and Configuration:

  • VSX Gateway's Virtual Topology.
  • Management of Virtual Devices.
  • Installing the VSX Gateway on SecurePlatform.
  • Unique State-Table Configuration.
  • Security Policy Separation.
  • Unique Configuration Parameters.
  • Management Virtual System.
  • VSX Interface Support.
  • External Virtual Routers.
  • Management Server Communication.
  • Provisioning and Network-Configuration Channel.
  • System Virtualization.
  • Advanced Routing Configurations.

VSX and Layer2 Communications:

  • Virtual Switch.
  • Virtual Switch in a Cluster.
  • Virtual Switch and Dynamic Routing using OSPF.

VSX and VLAN Tagging:

  • VLAN Technology.
  • VLAN Tagging.
  • VLAN Tag Composition.
  • VLAN Trunking and Membership.
  • Implicit/Explicit VLAN Membership.
  • VLAN Configuration in a VSX Environment.
  • Configuring Interfaces to Allow VLAN-Tagged Traffic.
  • Associating VLAN Traffic with specific Virtual Systems.

Deploying Virtual Systems in a Bridged Configuration:

  • Virtual System in Bridge Mode.
  • Security for Virtual Systems in Bridge Mode.
  • Clustering Virtual Systems in Bridge Mode (ClusterXL Only).

Configuring VSX Gateway High Availability:

  • VSX Gateway High Availability.
  • NGX and VSX Clustering.
  • VSX state Synchronization.
  • Synchronization Network.
  • Synchronization Modes.
  • Deploying Multiple VSX Gateways in an HA Environment.
  • Creating VSX Gateway and EVR Cluster Objects.
  • Completing VSX System Configuration.
  • Configuring Customer Clusters.

Working with Link Aggregation:

  • Link Aggregation Overview
  • Link Aggregation Terminology
  • How Link Aggregation Works
  • High Availability Overview
  • Load Sharing Overview
  • Bond Failover
  • Failover Support for VLANs
  • Bond Interface & Interface Limitations
  • Configuring the High Availability Bond
  • Updating the Interface Topology
  • Configuring the Load Sharing Bond
  • Setting Critical Required Interfaces
  • Setting Affinities

VSX Diagnostics and Troubleshooting:

  • General Troubleshooting Steps
  • Troubleshooting Specific Problems
  • Cannot Establish SIC Trust for Gateway or Cluster
  • SIC Trust Problems with New virtual devices
  • Re-establishing SIC Trust with Virtual Devices
  • Install Policy Error Using VSX Creation Wizard
  • Internal Host Cannot Ping Virtual System
  • Command Line Reference