https://community.checkpoint.com/t5/Firewall-and-Security-Management/Default-gateway-beyond-network-scope/m-p/28804#M2271 <HTML><HEAD></HEAD><BODY><P><STRONG>Hi team,</STRONG></P><P></P><P><STRONG>Object</STRONG> : Default gateway beyond network scope</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ios GAIA : 80.10 - VNIC in bridge configuration with ESXi</P><P></P><P>I want to&nbsp;implement the following configuration for my WAN interface:</P><P></P><P><STRONG>IP</STRONG>: 54.39.~.~</P><P><STRONG>Netmask</STRONG>: 255.255.255.255</P><P><STRONG>Gateway</STRONG>: 192.99.~.<STRONG>254</STRONG></P><P></P><P>This interface is linked to my ESXi NIC (bridge mode) whose IP address is 192.99.~.~ I tried different solutions to hard-modify interface and routing configuration without effect:</P><P></P><P>I modify this file:</P><P><STRONG>/etc/routed0.conf</STRONG></P><P>I still got:</P><P>default gateway eth1 preference <STRONG>192.168.1.1</STRONG> 192.99....254 preference 1;</P><P></P><P>I also modify<STRONG> /etc/sysconfig/network-scripts/ifcfg-eth1</STRONG></P><P></P><P><STRONG>I do not want to get out by means of pfsense on 192.168.1.1</STRONG> but with my ESXi interface gateway. I know that this configuration is not a RFC common configuration and had to work hard to find a solution on pfsense ; on pfsense it works now&nbsp; Checkpoint is a RHEL completely modified knowing that it is similar to Quagga. I could put Quagga as an external router but i want to solve this issue. Not a lot of information on the web considering this point.</P><P></P><P>Basic commands like this one doesn't work:</P><PRE style="color: #000000; background-color: #ffffff; font-size: 14px;"><CODE><CODE>set static-route default nexthop gateway address <EM><STRONG><SPAN style="color: #3d3d3d;">192.99.~.</SPAN>254</STRONG></EM> priority 1 on<BR /><SPAN style="background-color: #ffffff; font-weight: 400;">set static-route default nexthop gateway address&nbsp;<STRONG><EM>192.168.1.1</EM></STRONG></SPAN><SPAN style="background-color: #ffffff; font-weight: 400;"><SPAN>&nbsp;</SPAN>off</SPAN><BR /></CODE></CODE>save-config</PRE><P></P><P>Thanks,</P><P></P><P><STRONG>Gregory</STRONG></P><P>First email address:&nbsp;<A href="mailto:gregory.morilleau@alliacom.com">gregory.morilleau@alliacom.com</A></P><P><SPAN>Second&nbsp;email address: </SPAN><A class="jive-link-email-small" href="mailto:gregory.morilleau@axians.com">gregory.morilleau@axians.com</A></P></BODY></HTML> Sat, 22 Sep 2018 19:19:40 GMT Samia_Ferozi 2018-09-22T19:19:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Default-gateway-beyond-network-scope/m-p/28804#M2271 <HTML><HEAD></HEAD><BODY><P><STRONG>Hi team,</STRONG></P><P></P><P><STRONG>Object</STRONG> : Default gateway beyond network scope</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ios GAIA : 80.10 - VNIC in bridge configuration with ESXi</P><P></P><P>I want to&nbsp;implement the following configuration for my WAN interface:</P><P></P><P><STRONG>IP</STRONG>: 54.39.~.~</P><P><STRONG>Netmask</STRONG>: 255.255.255.255</P><P><STRONG>Gateway</STRONG>: 192.99.~.<STRONG>254</STRONG></P><P></P><P>This interface is linked to my ESXi NIC (bridge mode) whose IP address is 192.99.~.~ I tried different solutions to hard-modify interface and routing configuration without effect:</P><P></P><P>I modify this file:</P><P><STRONG>/etc/routed0.conf</STRONG></P><P>I still got:</P><P>default gateway eth1 preference <STRONG>192.168.1.1</STRONG> 192.99....254 preference 1;</P><P></P><P>I also modify<STRONG> /etc/sysconfig/network-scripts/ifcfg-eth1</STRONG></P><P></P><P><STRONG>I do not want to get out by means of pfsense on 192.168.1.1</STRONG> but with my ESXi interface gateway. I know that this configuration is not a RFC common configuration and had to work hard to find a solution on pfsense ; on pfsense it works now&nbsp; Checkpoint is a RHEL completely modified knowing that it is similar to Quagga. I could put Quagga as an external router but i want to solve this issue. Not a lot of information on the web considering this point.</P><P></P><P>Basic commands like this one doesn't work:</P><PRE style="color: #000000; background-color: #ffffff; font-size: 14px;"><CODE><CODE>set static-route default nexthop gateway address <EM><STRONG><SPAN style="color: #3d3d3d;">192.99.~.</SPAN>254</STRONG></EM> priority 1 on<BR /><SPAN style="background-color: #ffffff; font-weight: 400;">set static-route default nexthop gateway address&nbsp;<STRONG><EM>192.168.1.1</EM></STRONG></SPAN><SPAN style="background-color: #ffffff; font-weight: 400;"><SPAN>&nbsp;</SPAN>off</SPAN><BR /></CODE></CODE>save-config</PRE><P></P><P>Thanks,</P><P></P><P><STRONG>Gregory</STRONG></P><P>First email address:&nbsp;<A href="mailto:gregory.morilleau@alliacom.com">gregory.morilleau@alliacom.com</A></P><P><SPAN>Second&nbsp;email address: </SPAN><A class="jive-link-email-small" href="mailto:gregory.morilleau@axians.com">gregory.morilleau@axians.com</A></P></BODY></HTML> Sat, 22 Sep 2018 19:19:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Default-gateway-beyond-network-scope/m-p/28804#M2271 Samia_Ferozi 2018-09-22T19:19:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Default-gateway-beyond-network-scope/m-p/28805#M2272 <HTML><HEAD></HEAD><BODY><P>The only supported mechanism to configure static routes in Gaia OS is using the clish commands or via the WebUI.</P><P>Hacking the configuration files you are trying to hack is unsupported.</P><P>You can only configure a next hop to be either:</P><UL><LI>A specific IP address (needs to be on the same subnet)</LI><LI>A specific interface</LI></UL><P>Have you tried configuring the next hop as a specific interface?</P><P></P><P>Note that configuring the default route to have a next hop that is an interface (versus a specific IP) will cause the ARP cache to rapidly fill up.&nbsp;</P></BODY></HTML> Sat, 22 Sep 2018 22:13:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Default-gateway-beyond-network-scope/m-p/28805#M2272 PhoneBoy 2018-09-22T22:13:29Z