https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58747#M9622 <P>Maybe you don't have to. In our use case we had to publish static routes via OSPF, that's why we needed it.</P><P>&nbsp;</P> Mon, 22 Jul 2019 19:38:00 GMT FedericoMeiners 2019-07-22T19:38:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58713#M9619 <P>Attached is a brief look of my present architecture. The camera traffic highlighted in blue terminates to the video server for display on the a.a.a.a ip address. On the other hand i have users (using the labeled netscaler as an example) on Vlan B also trying to get access to a.a.a.a.</P><P>I have BGB established with all switches and from information i have gathered from the network they have bgp/ospf redistribution set up between the multicast switch and blef switch VS5.&nbsp;</P><P>The issue i have right now is,&nbsp; VS4 firewall is sending all traffic going to vlan A to use the multicast switch as it next hop which should not be the case. This is causing a loop on my network.</P><P>The attached image shows the right part i want the traffic to go.</P><P>I have VSX running,i have tried to setup pbr but it is disabled.</P><P>Would appreciate any insights.</P><P>Thank You</P><P>&nbsp;</P> Mon, 22 Jul 2019 14:30:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58713#M9619 Enyi_Ajoku 2019-07-22T14:30:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58716#M9620 Hello,<BR /><BR />Have you tried setting up Route Maps to achieve the desired routing? I had a similar issue with OSPF inside VSX and Route Maps was the way to go, you can set up conditions, actions and weights.<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100501" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk100501</A><BR /><BR />Keep in mind that you may need to set up static routes via SmartDashBoard first:<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98909" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98909</A><BR /><BR />Hope it helps,<BR />Federico Meiners Mon, 22 Jul 2019 14:47:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58716#M9620 FedericoMeiners 2019-07-22T14:47:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58746#M9621 <P>Thank You for your feedback</P><P>one question, why do i need static? i have a growing number of traffic from both the remote sites and VS4.</P><P>my assumption was BGP will take care of the routing and i would create routemap to only allow traffic from camera&nbsp; firewall go through the multicast switch and everything else go to the BLEF switch (VS5)</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 22 Jul 2019 19:30:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58746#M9621 Enyi_Ajoku 2019-07-22T19:30:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58747#M9622 <P>Maybe you don't have to. In our use case we had to publish static routes via OSPF, that's why we needed it.</P><P>&nbsp;</P> Mon, 22 Jul 2019 19:38:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Traffic-Engineering/m-p/58747#M9622 FedericoMeiners 2019-07-22T19:38:00Z