- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi guys.
I have public IP on my WAN interface, works well. I ask my ISP for another Public IP and I obtain the IP from different subnet with own gateway.
I have tried add loopback adapter with 2nd public IP or even to create alias for WAN interface. I am lost with routing / I am not able to ping GAIA trough 2nd public IP.
I have tried to add static route for 2nd gateway (but for 0.0.0.0/8 is another lover priority for default gateway).
I have tried to add another GW IP to default GW (2 IPs there) and I lost internet connection at all.
Do you have Idea how to get 2 working different Public IPs from different subnets?
How are you hoping to use the address?
If the ISP has routed the address/subnet towards the security gateway already you can simply define an object and configure your NATs...
well, should not be able to respond GAIA directly when no object and NAT is configured? How the GAIA know to which GW had to respond?
In my case is I have CHP with Public IP which is in production. The 2nd IP had to be NATed to the lab (i.e. vmware open server CHP). Of course I did a rule: "* to 2nd PublicIP allow" and I have tried add static NAT and hide NAT behind 2nd IP, but I did not ping the destination system behind NAT. Therefore I try to ping at least firewall.
or do I think wrong?
If this is a cluster, the ability to use multiple IPs from multiple subnets (i.e. alias IPs) is NOT supported.
Hello. No, it's a standalone box.
What does the routing table look like when you add the alias IP?
Does it show a route for the subnet this IP is on?
It seems like this “nexthop” would be redundant anyway since they’re both going to the same place in the end.
What shows on a tcpdump when you attempt to access the second IP (either using an alias or via NAT)?
Version/JHF level would be useful to know too.
Hi,
The configuration you have is similar to ISP Redundancy. If you want to use 2 subnet within the same ISP, the ISP has to publish both subnet on its own device and use only one gateway. In this case you have only one default route. To use the new subnet you have to define proxy-arp on the external interface. If you don't you have to use ISPR.
Rgds,
ISPR looks promising. Thank you for the TIP. I'll have a try.
The first part is of course true and I never had a problem with one GW and multiple IPs from the same subnet. But in my case the subnet is /30. I'll play with ISPR and let you know.
Correct - You will have to work with ISP and ask ISP to add that subnet as a routed subnet from their router to firewall IP or cluster IP. That way your one subnet wil be between router and firewall while other subnet ISP will be able to route it.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 2 | |
| 2 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY