- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
is there any way or command on checkpoint firewall gateway to ignore the DF bit flag and assemble traffic as normal.
thanks
This SK is mostly relevant for VPN.
In Linux, at least according to here, the way you would do this would be something like:
You can try this in expert mode and see if it works.
Replace 192.168.1.0/24 with the subnet that requires DF be cleared.
However, I cannot say if this command will work on Gaia or not.
Even if it does, it probably won't persist across reboots or even certain configuration changes in clish/WebUI.
and this is for regular traffic not for vpn traffic is there a way to ignore that DF bit flag on the firewall with a command ?
Not sure about regular traffic, but this is best I can find.
Andy
https://support.checkpoint.com/results/sk/sk39270
This SK is mostly relevant for VPN.
In Linux, at least according to here, the way you would do this would be something like:
You can try this in expert mode and see if it works.
Replace 192.168.1.0/24 with the subnet that requires DF be cleared.
However, I cannot say if this command will work on Gaia or not.
Even if it does, it probably won't persist across reboots or even certain configuration changes in clish/WebUI.
You got it, thats it
from my lab:
[Expert@CP-gw:0]# ip route add 192.50.50.0/24 dev eth1 mtu lock 1500
[Expert@CP-gw:0]#
Best,
Andy
also can you explain to me what that output means and if there is a way to fix it on the firewall
To fix a drop? Not sure, maybe worth TAC case.
Andy
we use VSX so not sure how we can add the lock for a route, as far as I know we shouldnt add routes from cli for VSX and I dont see that as an option in Smartconsole
If it's not an option from SmartConsole (where you have to define routes for a VS with VSX), then it's probably not supported.
A few TAC cases I reviewed suggest this isn't supported as well, but best to check with them to confirm: https://help.checkpoint.com
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 12 | |
| 12 | |
| 9 | |
| 7 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY