https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-Route-Entry-Appliance-vs-Full-Gaia/m-p/126267#M18312 <P>Hi. Currently we have a 1450 appliance in a serviced office. We are going to swap it out for a 4000 appliance. We have 1 internal interface that's the default gateway of the PCs. Its IP is 10.10.10.1. Looking at the routing table, any traffic for the subnet 10.10.10.0/24 is forwarded to the same interface (LAN1; IP 10.10.10.1)</P><P>On the full version of Gaia I know if I put in the next hop as 10.10.10.1 I will get an error saying that the IP is already taken by the FW interface. I believe all I need to do is to specify the next hop as an interface and the routing should work (I don't know the IP of the switch downstream). I don't have a means of testing until the migration is in progress - am I thinking along the right lines with this?</P><P>&nbsp;</P> Tue, 10 Aug 2021 16:49:38 GMT Wyman 2021-08-10T16:49:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-Route-Entry-Appliance-vs-Full-Gaia/m-p/126267#M18312 <P>Hi. Currently we have a 1450 appliance in a serviced office. We are going to swap it out for a 4000 appliance. We have 1 internal interface that's the default gateway of the PCs. Its IP is 10.10.10.1. Looking at the routing table, any traffic for the subnet 10.10.10.0/24 is forwarded to the same interface (LAN1; IP 10.10.10.1)</P><P>On the full version of Gaia I know if I put in the next hop as 10.10.10.1 I will get an error saying that the IP is already taken by the FW interface. I believe all I need to do is to specify the next hop as an interface and the routing should work (I don't know the IP of the switch downstream). I don't have a means of testing until the migration is in progress - am I thinking along the right lines with this?</P><P>&nbsp;</P> Tue, 10 Aug 2021 16:49:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-Route-Entry-Appliance-vs-Full-Gaia/m-p/126267#M18312 Wyman 2021-08-10T16:49:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-Route-Entry-Appliance-vs-Full-Gaia/m-p/126282#M18316 <P>In general, yes, you would use the interface as the next hop.<BR />Is the gateway also going to have an IP on 10.10.10.0/24?<BR />In which case, that route should not be necessary as it should be added as a result of adding the IP to the interface.</P> <P>Which does beg the question what purpose this route is serving.</P> Tue, 10 Aug 2021 20:42:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-Route-Entry-Appliance-vs-Full-Gaia/m-p/126282#M18316 PhoneBoy 2021-08-10T20:42:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-Route-Entry-Appliance-vs-Full-Gaia/m-p/127106#M18411 <P>Hi PhoneBoy. Thanks for the reply. Yes, the internal IP of the FW will have the IP of 10.10.10.1/24 so that will be the clients' default gateway.</P> Mon, 16 Aug 2021 15:08:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Static-Route-Entry-Appliance-vs-Full-Gaia/m-p/127106#M18411 Wyman 2021-08-16T15:08:20Z