topic Re: SMB 1900 Appliance Advertise only default route over BGP in Spark Firewall (SMB)

SMB 1900 Appliance Advertise only default route over BGP

Ralitsa_M — Wed, 15 Oct 2025 14:00:30 GMT

We’re trying to make sure that only the default route gets advertised from the 1900 SMB cluster. Right now, we’re using a routemap to export the default route, but it looks like it’s also matching all other static routes on the firewall - which isn’t what we want. This could cause issues in our setup, especially if more specific routes start taking precedence over connected networks in the peering VRF.
We’ll be filtering the accepted routes on the peering switches as a safeguard, but ideally, we want to get the export right from the start and only send the default route.
Is there a way to tweak the routemap so it matches just the default route and nothing else?

Thanks!

Check Point's 1900 Appliance Gaia Embeded R81.10.17 - Build 653

set routemap defaultRoute id 10 on
set routemap defaultRoute id 10 allow
set routemap defaultRoute id 10 match network 0.0.0.0/0 exact
set routemap defaultRoute id 10 match protocol static

Re: SMB 1900 Appliance Advertise only default route over BGP

the_rock — Thu, 16 Oct 2025 06:04:35 GMT

Your routemap specifically says to match exactly 0.0.0.0/0. Can you change it to match only whats required?

Best,

Andy

Re: SMB 1900 Appliance Advertise only default route over BGP

Ralitsa_M — Thu, 16 Oct 2025 12:36:42 GMT

Hi Andy,

Thanks for getting back to me. I might be misunderstanding your point - my current routemap is already set to match exactly 0.0.0.0/0.

The issue I’m seeing is that even with that configuration, given the example routing table below, the router still advertises 10.0.0.0/8 and 172.16.0.0/12 along with the default route.

I can't share the BGP advertisement output as currently the sessions are not established.

Here’s an example from the routing table:

> show route
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
NP - NAT Pool, U - Unreachable, i - Inactive

S 0.0.0.0/0 via 192.168.2.1, LANBOND0.$$, cost 0, age 3036778
S 10.0.0.0/8 via 192.168.1.1, LANBOND0.%%, cost 0, age 3036778
S 172.16.0.0/12 via 192.168.1.1, LANBOND0.%%, cost 0, age 3036778

Could you clarify what you mean by “change it to match only what’s required”? Are you suggesting a different match condition or an additional filter in the routemap?

Re: SMB 1900 Appliance Advertise only default route over BGP

the_rock — Thu, 16 Oct 2025 12:43:59 GMT

I could be mistaken, but 3rd line states to match exactly 0.0.0.0/0. Would that not match EVERYTHING?

Re: SMB 1900 Appliance Advertise only default route over BGP

Chris_Atkinson — Thu, 16 Oct 2025 12:54:49 GMT

If you add another portion to the routemap say id 100 as restrict do you still see the same behavior? e.g.

set routemap defaultRoute id 100 on

set routemap defaultRoute id 100 restrict

Re: SMB 1900 Appliance Advertise only default route over BGP

the_rock — Thu, 16 Oct 2025 12:54:43 GMT

Good call Chris. I believe my colleague had to do the same for a customer for SASE issue we had.

Re: SMB 1900 Appliance Advertise only default route over BGP

the_rock — Thu, 16 Oct 2025 12:59:45 GMT

Here is example we used in sase.

set inbound-route-filter bgp-policy 1000 based-on-as as 65001 on

set inbound-route-filter bgp-policy 1000 restrict-all-ipv4

set inbound-route-filter bgp-policy 1000 route 10.255.0.0/16 normal on

Re: SMB 1900 Appliance Advertise only default route over BGP

the_rock — Fri, 17 Oct 2025 11:49:42 GMT

Hey @Ralitsa_M

Let us know if what Chris and I gave helps, or if not, how it gets solved.

Re: SMB 1900 Appliance Advertise only default route over BGP

Ralitsa_M — Fri, 17 Oct 2025 13:21:54 GMT

@the_rock @Chris_Atkinson Thanks both! I'll test this and get back to you.

Re: SMB 1900 Appliance Advertise only default route over BGP

the_rock — Fri, 17 Oct 2025 13:29:04 GMT

Fingers crossed...hope it works!

Re: SMB 1900 Appliance Advertise only default route over BGP

the_rock — Fri, 17 Oct 2025 14:38:02 GMT

I checked with one of my colleagues about this, he said TAC have him an additional command to run, might be worth a case.