<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Routing Persistence Question - Embedded GAIA in Spark Firewall (SMB)</title>
    <link>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12718#M301</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;It has long been behavior on Check Point gateways to disable IP Forwarding until a real security policy is loaded.&lt;/P&gt;&lt;P&gt;SMB devices are a little different in that they have a different set of default policies, including ones that pass traffic, but the same basic principles apply.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;As&amp;nbsp;for moving posts when needed, it's part of what I do&amp;nbsp;&lt;img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Thu, 05 Apr 2018 17:01:28 GMT</pubDate>
    <dc:creator>PhoneBoy</dc:creator>
    <dc:date>2018-04-05T17:01:28Z</dc:date>
    <item>
      <title>Routing Persistence Question - Embedded GAIA</title>
      <link>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12715#M298</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Good Evening -&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have approx. 25 x 1450 gateways on embedded GAIA_R77.20.70 - configured with an external WAN interface and an internal switch - LAN1_switch. To get the switch to pass packets to the WAN interface routing was enabled in&amp;nbsp;&lt;/P&gt;&lt;P&gt;# /proc/sys/net/ipv4/ip_forward by setting the value to &amp;lt;1&amp;gt;. Good to go. BUT, I am unable to get it to survive reboots! I also tried enabling it by # sysctl -w net.ipv4.ip_forward=1. Again, reboot killed it.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;To make it persistent and survive reboots in full GAIA, or other 'full' distro, I would edit /etc/sysctl.conf, but this file does not seem to exist in the embedded version.&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Anyone else come across this snafu - and found a fix? Or anyone know if an equivalent sysctl.conf file exists in embedded GAIA?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;TL&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 05 Apr 2018 05:48:28 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12715#M298</guid>
      <dc:creator>CP_SA</dc:creator>
      <dc:date>2018-04-05T05:48:28Z</dc:date>
    </item>
    <item>
      <title>Re: Routing Persistence Question - Embedded GAIA</title>
      <link>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12716#M299</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;If everything is working properly, you should not need to manually set this value to 1.&lt;/P&gt;&lt;P&gt;The only reason it would ever be set to zero is if, for some reason, it is unable to load a security policy.&lt;/P&gt;&lt;P&gt;Either that or there is something peculiar about your configuration.&lt;/P&gt;&lt;P&gt;What does “fw stat” show?&lt;/P&gt;&lt;P&gt;Also let’s move this to the &lt;A href="https://community.checkpoint.com/community/infinity-general/smb-smp?sr=search&amp;amp;searchId=5a4d44b9-0222-4022-adbd-1bedb2b26491&amp;amp;searchIndex=0" target="_blank"&gt;https://community.checkpoint.com/community/infinity-general/smb-smp?sr=search&amp;amp;searchId=5a4d44b9-0222-4022-adbd-1bedb2b26491&amp;amp;searchIndex=0&lt;/A&gt;‌ space where it belongs.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 21 Jun 2019 09:02:34 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12716#M299</guid>
      <dc:creator>PhoneBoy</dc:creator>
      <dc:date>2019-06-21T09:02:34Z</dc:date>
    </item>
    <item>
      <title>Re: Routing Persistence Question - Embedded GAIA</title>
      <link>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12717#M300</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;These guys are all centrally managed and policy is not being pushed until they are deployed. We thought that this might be the issue as well. And, we actually have not re-loaded one once they are deployed - I simply verify - and they all have been successful so I did not re-visit it.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;It was in my pre-configuring, without policy, that was driving me crazy. I would configure, set the routing, test connectivity from the LAN to the WAN and then power it down - pull them out to verify just prior to deployment and it would not have survived the re-load.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thank you for confirming the suspicion - I will re-load a deployed one and verify the persistence.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks for moving the thread - I am a Checkmates noob and completely overlooked it!&amp;nbsp;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 05 Apr 2018 15:46:55 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12717#M300</guid>
      <dc:creator>CP_SA</dc:creator>
      <dc:date>2018-04-05T15:46:55Z</dc:date>
    </item>
    <item>
      <title>Re: Routing Persistence Question - Embedded GAIA</title>
      <link>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12718#M301</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;It has long been behavior on Check Point gateways to disable IP Forwarding until a real security policy is loaded.&lt;/P&gt;&lt;P&gt;SMB devices are a little different in that they have a different set of default policies, including ones that pass traffic, but the same basic principles apply.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;As&amp;nbsp;for moving posts when needed, it's part of what I do&amp;nbsp;&lt;img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 05 Apr 2018 17:01:28 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Spark-Firewall-SMB/Routing-Persistence-Question-Embedded-GAIA/m-p/12718#M301</guid>
      <dc:creator>PhoneBoy</dc:creator>
      <dc:date>2018-04-05T17:01:28Z</dc:date>
    </item>
  </channel>
</rss>

