1. Two XOS chassis need to be configured and VRRP must be activated:

Chassis A:
system-identifier 1
system-internal-network 1.1.0.0 255.255.0.0
#
remote-box 2 1.1.2.20 192.168.128.181
...
management gigabitethernet 13/1
  ip-addr 192.168.128.83/24 192.168.128.255
  enable
  access-list 1 input
  access-list 1 output


Chassis B:
system-identifier 2
system-internal-network 1.1.0.0 255.255.0.0
#
remote-box 1 1.1.1.20 192.168.128.83
...
management gigabitethernet 13/1
  ip-addr 192.168.128.181/24 192.168.128.255
  enable
  access-list 1 input
  access-list 1 output


2. Configure VSX vap-group on both chassis:

vap-group vsx xslinux_v3
  vap-count 3
  max-load-count 3
  no rp-filter
  ap-list ap1 ap2 ap3 ap4 ap5 ap6 ap7 ap8 ap9 ap10
  load-balance-vap-list 1 2 3
  ip-forwarding
  ip-flow-rule vsx_default_vsx
    action load-balance
    activate


3. Configure management and sync network on both chassis (please update as needed based on the number of required VAPs):
Note: management circuit is IP-less as IP will be provided when installing the application

Chassis A:
circuit mgmt circuit-id 1025
  device-name mgmt
  vap-group vsx
    ip-forwarding
    management-circuit
   
- Check Point synchronization circuit

circuit sync circuit-id 1026
  device-name sync
  link-state-resistant
  vap-group vsx
    ip-forwarding
    management-circuit
    ip 172.17.15.9 255.255.255.248 172.17.15.15 increment-per-vap 172.17.15.11

- Assign circuits to physical interfaces

interface gigabitethernet 1/2
  logical mgmt
    circuit mgmt

interface gigabitethernet 2/1
  logical sync
    circuit sync


Chassis B:
circuit mgmt circuit-id 1025
  device-name mgmt
  vap-group vsx
    ip-forwarding
    management-circuit
   
- Check Point synchronization circuit

circuit sync circuit-id 1026
  device-name sync
  link-state-resistant
  vap-group vsx
    ip-forwarding
    management-circuit
    ip 172.17.15.12 255.255.255.248 172.17.15.15 increment-per-vap 172.17.15.14

- Assign circuits to physical interfaces

interface gigabitethernet 1/2
  logical mgmt
    circuit mgmt

interface gigabitethernet 2/1
  logical sync
    circuit sync


4. Configure customer interfaces on both chassis:

circuit intranet circuit-id 1027
  device-name inta
    vap-group vsx

circuit internet circuit-id 1028
  device-name inte
    vap-group vsx

interface gigabitethernet 1/5
  logical inta
    circuit inta

interface gigabitethernet 1/6
  logical inte
    circuit inte


5. Configure VRRP statements on both chassis:

Chassis A:
vrrp failover-group vsx failover-group-id 1
  priority 250
  virtual-router vrrp-id 1 circuit inta
    backup-stay-up
    mac-usage vrrp-mac
    vap-group vsx
  virtual-router vrrp-id 2 circuit inte
    backup-stay-up
    mac-usage vrrp-mac
    vap-group vsx

Chassis B:
vrrp failover-group vsx failover-group-id 1
  priority 200
  virtual-router vrrp-id 1 circuit inta
    backup-stay-up
    mac-usage vrrp-mac
    vap-group vsx
  virtual-router vrrp-id 2 circuit inte
    backup-stay-up
    mac-usage vrrp-mac
    vap-group vsx


6. Install VSX application on both chassis on each VAP group and reload the VAP groups.

7. When the VAP groups have been reloaded, start the CP management GUI and create your VSX cluster. "Crossbeam Systems" must be selected as Cluster Platform.

8. As soon as the cluster is working, you can start provisioning the system. Virtual systems and circuits will be created automatically in Crossbeam XOS configuration.