topic DHCP push route in Firewall and Security Management

DHCP push route

Hayat — Thu, 03 Jun 2021 11:02:03 GMT

Hi,

We're using the Checkpoint 750 Security Appliance, and I'm looking for a way to push a route from the DHCP server configured on our main LAN network to the DHCP clients.

There is a way to it?

Re: DHCP push route

_Val_ — Thu, 03 Jun 2021 11:15:01 GMT

It is not a best practice to resolve routing issues on a client side. Could you please elaborate about what you are trying to achieve and why?

Re: DHCP push route

Hayat — Thu, 03 Jun 2021 13:29:19 GMT

Thank you for your reply.

Our LAN network is 192.168.1.0/24 and the remote LAN is 192.168.90.0/24.

I have a site to site VPN NATed from our Checkpoint to a OpenVPN server (192.168.1.2) in the LAN with another OpenVPN server on another site.

At first, I've configured a static route on the Checkpoint (192.168.1.1) to route all traffic from our LAN to 192.168.90.0/24 through the local OpenVPN server (192.168.1.2). at this point I was able to ping 192.168.90.0/24 from LAN but couldn't SSH or connect on any other port. (Probably due to ping redirect, since 192.168.1.1 sent me to 192.168.1.2 on the same LAN).

When I added a static route on a client (192.168.1.159) to send traffic sent to the remote LAN (192.168.90.0/24) directly through the OpenVPN server (192.168.1.2), I've got a full access to 192.168.90.0/24.

I want to prevent configuring client by client with this static route so I thought to push it using the LAN's DHCP.

Re: DHCP push route

_Val_ — Thu, 03 Jun 2021 13:42:00 GMT

Got it. AFAIK, you cannot do that with SMB.

Re: DHCP push route

Hayat — Thu, 03 Jun 2021 13:48:37 GMT

Thank you.

Re: DHCP push route

PhoneBoy — Fri, 04 Jun 2021 16:37:22 GMT

I believe you would do this by configuring DHCP Option 33.
You'd have to configure this as a custom DHCP option in the 750, which you should be able to do.
Something like: https://ercpe.de/blog/advanced-dhcp-options-pushing-static-routes-to-clients
(Note: haven’t tested this)