topic CheckPoint no longer internet access after changing default route on Gaia. in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-no-longer-internet-access-after-changing-default/m-p/81731#M6333 <P>Dear All,</P><P>&nbsp;</P><P>A simple case of standalone deployment with a fresh Trial license imported CP.</P><P>&nbsp;</P><P>I have two internet-accessible WANs.&nbsp;</P><P>Let says Gateway A is 1.2.3.4/24 and Gateway B is 192.168.1.254/24.</P><P>&nbsp;</P><P>At the first time wizard, I do configure the default gateway using 1.2.3.4/24.</P><P>MGT port is the management interface with 192.168.1.1/24 as default.</P><P>And is able to ping <A href="http://www.google.com" target="_blank" rel="noopener">www.google.com</A>&nbsp;from CLI this moment.</P><P>Then I change the default route from 1.2.3.4 to 192.168.1.254.<BR /><BR />The CP is no longer internet-accessible now.</P><P>&nbsp;</P><P>I then use a PC to simulate the CP MGT IP&nbsp; - 192.168.1.1/24 and able to access Google via 192.168.1.254.</P><P>I type "show route" on CP, the route looks good with the right interface chosen.</P><P>&nbsp;</P><P>On the SmartConsole side, only Any &lt;-&gt; Allow Policy is configured at that moment.</P><P>Have someone try a similar case before?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 14 Apr 2020 05:17:24 GMT BlueGrass 2020-04-14T05:17:24Z CheckPoint no longer internet access after changing default route on Gaia. https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-no-longer-internet-access-after-changing-default/m-p/81731#M6333 <P>Dear All,</P><P>&nbsp;</P><P>A simple case of standalone deployment with a fresh Trial license imported CP.</P><P>&nbsp;</P><P>I have two internet-accessible WANs.&nbsp;</P><P>Let says Gateway A is 1.2.3.4/24 and Gateway B is 192.168.1.254/24.</P><P>&nbsp;</P><P>At the first time wizard, I do configure the default gateway using 1.2.3.4/24.</P><P>MGT port is the management interface with 192.168.1.1/24 as default.</P><P>And is able to ping <A href="http://www.google.com" target="_blank" rel="noopener">www.google.com</A>&nbsp;from CLI this moment.</P><P>Then I change the default route from 1.2.3.4 to 192.168.1.254.<BR /><BR />The CP is no longer internet-accessible now.</P><P>&nbsp;</P><P>I then use a PC to simulate the CP MGT IP&nbsp; - 192.168.1.1/24 and able to access Google via 192.168.1.254.</P><P>I type "show route" on CP, the route looks good with the right interface chosen.</P><P>&nbsp;</P><P>On the SmartConsole side, only Any &lt;-&gt; Allow Policy is configured at that moment.</P><P>Have someone try a similar case before?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 14 Apr 2020 05:17:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-no-longer-internet-access-after-changing-default/m-p/81731#M6333 BlueGrass 2020-04-14T05:17:24Z Re: CheckPoint no longer internet access after changing default route on Gaia. https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-no-longer-internet-access-after-changing-default/m-p/81863#M6337 Precisely how are you determining Internet accessibility?<BR />Have you used, say, tcpdump to verify traffic is going out the correct interface with the correct IP address?<BR />Are you seeing anything in the logs?<BR />Also it's not clear if each ISP link is connected to the same interface or different ones. Tue, 14 Apr 2020 21:24:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-no-longer-internet-access-after-changing-default/m-p/81863#M6337 PhoneBoy 2020-04-14T21:24:11Z