https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251415#M12822 <P>Hello,</P><P>A quick update, just to finish the question.&nbsp;<span class="lia-unicode-emoji" title=":grinning_face:">😀</span></P><P>The issue was not on the Route Map, which are pretty straightforward. The thing is that the OSPF route are appearing as External Type, which have a default Rank of 150, greater than 60 of the static default route. I've changed that advanced parameter to 180 and the OSPF default route is now being used, as it should be.</P><P>Thanks a lot for your help!</P><P>Have a nice day.</P> Tue, 17 Jun 2025 10:04:23 GMT Oryx 2025-06-17T10:04:23Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251214#M12807 <P>Hi,</P><P>We have and end customer with multiple remote sites with 1590/1570 Clusters that connect to the resources on the DC and the Internet over a 9300 Cluster. They are running OSPF, so the remote sites can advertise their local networks and the Main DC advertise the default route.&nbsp;</P><P>Now they are deploying a new Backup DC and want to have a redundant link over that Backup DC. So far, so good for me. I'm sharing a little diagram.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled Diagram.drawio.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30753i53D012BFC6D1D268/image-size/medium?v=v2&amp;px=400" role="button" title="Untitled Diagram.drawio.png" alt="Untitled Diagram.drawio.png" /></span></P><P>My issue is that the end customer has configured the port WAN as Internet connection, which forces to configure a default gateway, defining a default route on the Routing Table.</P><P>So, how can I announce a default over OSPF from the BACKUP DC and make sure that the traffic comming from the Remote Site uses that second link, if I have a default static route announced through the WAN port? Can the Monitoring feature (disabled at this moment) be helpful for this? Or my only option is to reconfigure the connection on the WAN Port as normal, without being an Internet connection type?</P><P>Many thanks in advance.</P><P>Kind regards.&nbsp;</P><P>P.S.: All of the clusters are managed on a On Prem Security Management.&nbsp;</P> Fri, 13 Jun 2025 11:08:37 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251214#M12807 Oryx 2025-06-13T11:08:37Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251217#M12808 <P>If needed you should be able to manipulate this Advanced setting/value:</P> <P>OS advanced settings - Default route rank</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_20250613-193247~2.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/30755i4226785F6FD0B111/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot_20250613-193247~2.png" alt="Screenshot_20250613-193247~2.png" /></span></P> <P>&nbsp;</P> <P>Routing protocol ranks should be aligned with normal GAiA in theory:</P> <P><STRONG><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_Advanced_Routing_AdminGuide/Topics-GARG/Routing-Options-Protocol-Rank.htm#:~:text=The%20protocol%20rank%20is%20the,routes%20to%20the%20same%20destination" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_Advanced_Routing_AdminGuide/Topics-GARG/Routing-Options-Protocol-Rank.htm#:~:text=The%20protocol%20rank%20is%20the,routes%20to%20the%20same%20destination</A>.</STRONG></P> Fri, 13 Jun 2025 13:19:11 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251217#M12808 Chris_Atkinson 2025-06-13T13:19:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251227#M12811 <P>Hi,</P><P>Thanks. I was not aware of this option. However, if everything goes normally, the OSPF rank is 10, which will prevail over the static route rank 60. So, in theory, the OSPF route will have precedence over the static one, right?</P><P>Kind regards.</P> Fri, 13 Jun 2025 14:05:54 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251227#M12811 Oryx 2025-06-13T14:05:54Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251229#M12812 <P>If it's a normal OSPF route that's correct if it shows as the other type you may need the above option but you can evaluate the rank at the time and adjust accordingly.</P> Fri, 13 Jun 2025 14:35:02 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251229#M12812 Chris_Atkinson 2025-06-13T14:35:02Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251231#M12813 <P>The OSPF route is showing as "inactive", but I think it's because of the route-map applied. Anyway, I will need to try and check.&nbsp;</P><P>Thanks for your help.</P><P>Kind regards</P> Fri, 13 Jun 2025 14:43:56 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251231#M12813 Oryx 2025-06-13T14:43:56Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251415#M12822 <P>Hello,</P><P>A quick update, just to finish the question.&nbsp;<span class="lia-unicode-emoji" title=":grinning_face:">😀</span></P><P>The issue was not on the Route Map, which are pretty straightforward. The thing is that the OSPF route are appearing as External Type, which have a default Rank of 150, greater than 60 of the static default route. I've changed that advanced parameter to 180 and the OSPF default route is now being used, as it should be.</P><P>Thanks a lot for your help!</P><P>Have a nice day.</P> Tue, 17 Jun 2025 10:04:23 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-Cluster-Route-redundancy/m-p/251415#M12822 Oryx 2025-06-17T10:04:23Z