<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: BGP Route Map to restrict certain ranges from private ranges in Firewall and Security Management</title>
    <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/BGP-Route-Map-to-restrict-certain-ranges-from-private-ranges/m-p/174071#M31651</link>
    <description>&lt;P&gt;In order to understand why this isn't working, this will likely need a ticket with TAC.&lt;/P&gt;</description>
    <pubDate>Wed, 08 Mar 2023 17:47:36 GMT</pubDate>
    <dc:creator>PhoneBoy</dc:creator>
    <dc:date>2023-03-08T17:47:36Z</dc:date>
    <item>
      <title>BGP Route Map to restrict certain ranges from private ranges</title>
      <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/BGP-Route-Map-to-restrict-certain-ranges-from-private-ranges/m-p/173942#M31625</link>
      <description>&lt;P&gt;I have the following route map:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;set routemap t0privedge-out id 10 on
set routemap t0privedge-out id 10 restrict
set routemap t0privedge-out id 10 match network 10.0.0.1/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.2/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.3/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.4/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.5/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.101/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.102/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.103/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.104/32 exact
set routemap t0privedge-out id 10 match network 10.0.0.105/32 exact
set routemap t0privedge-out id 10 match network 10.50.171.64/26 all
set routemap t0privedge-out id 10 match network 10.50.171.128/26 all
set routemap t0privedge-out id 10 match network 10.51.1.0/28 all
set routemap t0privedge-out id 10 match network 172.19.0.0/29 all
set routemap t0privedge-out id 10 match network 172.19.0.8/29 all
set routemap t0privedge-out id 10 match network 172.19.0.40/29 all
set routemap t0privedge-out id 10 match network 172.19.18.0/29 all
set routemap t0privedge-out id 10 match network 172.21.0.0/28 all
set routemap t0privedge-out id 20 on
set routemap t0privedge-out id 20 allow
set routemap t0privedge-out id 20 match network 10.0.0.0/8 all
set routemap t0privedge-out id 20 match protocol direct
set routemap t0privedge-out id 30 on
set routemap t0privedge-out id 30 allow
set routemap t0privedge-out id 30 match network 172.16.0.0/12 all
set routemap t0privedge-out id 30 match protocol direct
set routemap t0privedge-out id 40 on
set routemap t0privedge-out id 40 allow
set routemap t0privedge-out id 40 match network 192.168.0.0/16 all
set routemap t0privedge-out id 40 match protocol direct
set routemap t0privedge-out id 100 on
set routemap t0privedge-out id 100 restrict&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;+ this:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt; set routemap dflt-out id 10 on
 set routemap dflt-out id 10 allow
 set routemap dflt-out id 10 match network 0.0.0.0/0 exact
 set routemap dflt-out id 100 on
 set routemap dflt-out id 100 restrict
 &lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Both route maps are then applied to my BGP configuration:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;set bgp external remote-as 65007 export-routemap "dflt-out" preference 10 on
set bgp external remote-as 65007 export-routemap "t0privedge-out" preference 20 on&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;However, I'm still seeing the subnets restricted in id 10 being advertised, along with the directly connected routes that I do expect. Why is this?&lt;/P&gt;</description>
      <pubDate>Tue, 07 Mar 2023 22:16:15 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Firewall-and-Security-Management/BGP-Route-Map-to-restrict-certain-ranges-from-private-ranges/m-p/173942#M31625</guid>
      <dc:creator>dphonovation</dc:creator>
      <dc:date>2023-03-07T22:16:15Z</dc:date>
    </item>
    <item>
      <title>Re: BGP Route Map to restrict certain ranges from private ranges</title>
      <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/BGP-Route-Map-to-restrict-certain-ranges-from-private-ranges/m-p/173948#M31632</link>
      <description>&lt;P&gt;Version/JHF of gateway?&lt;BR /&gt;Also tagging&amp;nbsp;&lt;a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/24175"&gt;@Sundeep_Mudgal&lt;/a&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 08 Mar 2023 00:10:17 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Firewall-and-Security-Management/BGP-Route-Map-to-restrict-certain-ranges-from-private-ranges/m-p/173948#M31632</guid>
      <dc:creator>PhoneBoy</dc:creator>
      <dc:date>2023-03-08T00:10:17Z</dc:date>
    </item>
    <item>
      <title>Re: BGP Route Map to restrict certain ranges from private ranges</title>
      <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/BGP-Route-Map-to-restrict-certain-ranges-from-private-ranges/m-p/174071#M31651</link>
      <description>&lt;P&gt;In order to understand why this isn't working, this will likely need a ticket with TAC.&lt;/P&gt;</description>
      <pubDate>Wed, 08 Mar 2023 17:47:36 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Firewall-and-Security-Management/BGP-Route-Map-to-restrict-certain-ranges-from-private-ranges/m-p/174071#M31651</guid>
      <dc:creator>PhoneBoy</dc:creator>
      <dc:date>2023-03-08T17:47:36Z</dc:date>
    </item>
  </channel>
</rss>

