Network range and routing

Hello,

First of all, I'm new to Check Point, and I don't have much time for digging into it, hence the probably easy question I'm going to ask.

So, we've got this new firewall in our MPLS environment, R77.30 on open server.

Everything was more or less set up by our MPLS provider who has handed it over to us without much information.

So here are my issues.

We've added a new branch office which is connected through the MPLS (I can reach it without issue from my office, so routing is OK inside the MPLS); however, I can't reach it from the firewall.

My routing table is like this (and no other route):

10.0.0.0/8 > via 10.201.1.254

On the subnets in the range that were created before, I can traceroute them to the next hop; on my new subnet (in 10.XXX.XXX.XXX too) I can't reach the next hop. Also, I don't have the route populated in the VPN.

So obviously, I'm missing something there. I've tried to check documentation and forums, but as a day-to-day sysadmin, I can't really have enough time to check thoroughly.

Could someone point me in the right direction or to the right documentation page?

Many thanks,

Accepted Solutions

Re: Network range and routing

Go into Tracker and see if you can filter on source (the network of the new location), like 10.10.10.0/24, and you will probably see that you have only drops for that traffic. It depends on how they set it up, but I can imagine that they identified all networks separately and entered all of them, either in Spoofing on the WAN interface (the one connecting to the MPLS router), or they only allowed the specified networks access in and out.

When you see anti-spoofing errors, you need to add the new site range to the group that is on the interface leading to the MPLS router.
Regards, Maarten
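
The situation described in this answer, as an added example that is not part of the original thread: a summary route covers the new site, but the network group used for anti-spoofing on that interface does not. The interface name `eth1` and the group members are constructed; only the 10.0.0.0/8 route and the 10.10.10.0/24 example range come from the posts.

```python
import ipaddress

# Constructed sample data (hypothetical interface name and site ranges).
ROUTES = {"10.0.0.0/8": "eth1"}  # one summary route towards the MPLS router
SPOOF_GROUPS = {"eth1": ["10.1.0.0/16", "10.2.0.0/16", "10.201.1.0/24"]}


def route_interface(subnet, routes=ROUTES):
    """Longest-prefix match: interface whose route contains the subnet, or None."""
    net = ipaddress.ip_network(subnet)
    matches = [(ipaddress.ip_network(r), i) for r, i in routes.items()
               if net.subnet_of(ipaddress.ip_network(r))]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def in_spoof_group(subnet, iface, groups=SPOOF_GROUPS):
    """True if the subnet lies inside the (collapsed) networks allowed on iface."""
    net = ipaddress.ip_network(subnet)
    # Collapse first so a range split across adjacent group members still matches.
    members = ipaddress.collapse_addresses(
        ipaddress.ip_network(m) for m in groups.get(iface, []))
    return any(net.subnet_of(m) for m in members)


def audit(subnet, routes=ROUTES, groups=SPOOF_GROUPS):
    """Classify a site range: 'no-route', 'anti-spoofing-drop' or 'ok'."""
    iface = route_interface(subnet, routes)
    if iface is None:
        return "no-route"
    if not in_spoof_group(subnet, iface, groups):
        return "anti-spoofing-drop"  # routed, but missing from the interface group
    return "ok"


if __name__ == "__main__":
    for site in ["10.1.5.0/24", "10.10.10.0/24", "192.168.1.0/24"]:
        print(site, audit(site))
```

Running the same audit over every site range whenever a branch is added shows which ones are routed but still missing from the interface group.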
Re: Network range and routing

That was it indeed; there was a group named after a fw interface that included all other networks.
Many thanks for your help.