This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hllrdm
Contributor
‎2023-04-17 11:34 PM

Rank and Cost in Check Point

I want to figure out the rank-to-cost ratio in Check Point routing.
We can adjust Rank between static routes, dynamic protocols, but we don't see a cost adjustment for routes. We know that rank and cost affect the order in which packets are sent through the routing table.We tried to set the same rank between the static route and the rank that comes in via ospf. In this case traffic went via ospf route, cost of ospf was lower than that of static route.
When we output show route, we see cost, but we don't see rank. How do these concepts relate to Check Point?


0 Kudos
9 Replies
_Val_
Admin
Admin
‎2023-04-17 11:36 PM

Please provide a specific example. 

0 Kudos
Hllrdm
Contributor
‎2023-04-17 11:47 PM
In response to _Val_

We are preparing an example. Maybe you can tell us how cost and rank are related in Check Point?

0 Kudos
_Val_
Admin
Admin
‎2023-04-17 11:56 PM
In response to Hllrdm

Nothing special with Check Point. Lower cost should be the preferable route. Not sure what you mean by "rank" though.

Please also refer to the advanced routing guide for your version, for example: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityGateway_Guide/Conten...

 

0 Kudos
MiniNinja
Collaborator
‎2025-02-19 05:12 AM
In response to Chris_Atkinson

And what about the priority in relation to Ipsec VPN domain, what is the priority of networks (routes) in the VPN domain?

 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-19 08:01 AM
In response to MiniNinja

Domain-Based VPN traffic (as opposed to Route/Based VPN with VTIs) always takes priority over other routes due to VPN’s position in the kernel.

0 Kudos
MiniNinja
Collaborator
‎2025-02-20 04:06 AM
In response to PhoneBoy

which is more priority than a static route or a VPN domain?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-20 05:25 AM
In response to MiniNinja

Pretty sure a VPN Domain has higher priority.

the_rock
Legend
Legend
‎2025-02-20 06:45 AM
In response to PhoneBoy

I always thought domain based tunnel has priority over route based one, but then static route would have precedence over VPN domain.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top