topic Re: Path Monitoring for Policy Based Routing in Firewall and Security Management

Path Monitoring for Policy Based Routing

vsurresh — Tue, 18 May 2021 08:22:56 GMT

Hi, guys. Check Point newbie here.

I know there's been plenty of topics regarding PBR on Check Point, but I don't seem to find path monitoring configuration for PBR. Do Check Point support this?

I want the PBR rule to be active only if a particular IP is reachable from the Check Point. For example, send the traffic via MPLS if 5.5.5.5 is reachable. If the IP is unreachable, disable the PBR rule and forward the traffic based on the routing table. This is supported on Palo Alto and wondering is there a way to achieve this on CP.

Thanks

Re: Path Monitoring for Policy Based Routing

PhoneBoy — Tue, 18 May 2021 18:41:03 GMT

@Sundeep_Mudgal

Re: Path Monitoring for Policy Based Routing

Sundeep_Mudgal — Tue, 18 May 2021 18:47:43 GMT

The rule itself cannot be disabled but you can monitor routes in the PBR table and the route can be changed as per reachability. Manipulation of PBR routes should be able to help you achieve desired results. Please contact PS, TAC or Diamond for further assistance.

Re: Path Monitoring for Policy Based Routing

Leader_Kiongi — Thu, 27 Mar 2025 07:48:14 GMT

Hello,

I don't know if you found a solution your issue but as I was having the same question, I checked the documentation and found clish commands needed to monitor PBR routes. Here it's for default route but you can adapt it as you wish

set ip-reachability-detection ping address 1.1.1.1 enable-ping on
set ip-reachability-detection ping address 8.8.8.8 enable-ping on
set pbr table <PBR_Table> static-route default nexthop gateway address <Prefered_Default_Route> priority 1
set pbr table <PBR_Table> static-route default nexthop gateway address <Prefered_Default_Route> monitored-ip 1.1.1.1 on
set pbr table <PBR_Table> static-route default nexthop gateway address <Prefered_Default_Route> monitored-ip 8.8.8.8 on
set pbr table <PBR_Table> static-route default nexthop gateway address <Prefered_Default_Route> monitored-ip-option fail-any
set pbr table <PBR_Table> static-route default nexthop gateway address <Second_Prefered_Default_Route> priority 2
set pbr table <PBR_Table> static-route default nexthop gateway address <Second_Prefered_Default_Route> monitored-ip 1.1.1.1 on
set pbr table <PBR_Table> static-route default nexthop gateway address <Second_Prefered_Default_Route> monitored-ip 8.8.8.8 on
set pbr table <PBR_Table> static-route default nexthop gateway address <Second_Prefered_Default_Route> monitored-ip-option fail-any
set pbr table <PBR_Table> static-route default nexthop gateway address <Third_Prefered_Default_Route> priority 3
set pbr table <PBR_Table> static-route default nexthop gateway address <Third_Prefered_Default_Route> monitored-ip 1.1.1.1 on
set pbr table <PBR_Table> static-route default nexthop gateway address <Third_Prefered_Default_Route> monitored-ip 8.8.8.8 on
set pbr table <PBR_Table> static-route default nexthop gateway address <Third_Prefered_Default_Route> monitored-ip-option fail-any
save config