Railx
Explorer

dynamic routing

Good afternoon.

We have two routers that are up to CheckPoint. Traffic can come from both routers. The traffic can be from users who have a known IP address and users who have an unknown IP address.
In case the traffic comes from a known address, we can route it back the same way using static routing. Default route we have configured for the first router, so if the traffic with unknown address comes from the first router, it goes the same way.
But what if the traffic with an unknown address comes through the second router? Is there any way to set it to go the same way? Has anyone encountered this problem?

0 Kudos
10 Replies
G_W_Albrecht
Legend

AFAIK, every transmitted package has a source and destination IP - I never saw a package with unknown IP 😉 If you use IA, it is easy to match known users in rules different to unknown users.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Railx
Explorer

Unfortunately we don't use IA, so we would like to redirect traffic in some other way.

0 Kudos
G_W_Albrecht
Legend

Why not decide upon known / unknown IP?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Railx
Explorer

The point is that if traffic with an unknown address came through the first router, we have to send it back through the first router.
If the traffic came through the second router, then we must send it also through the second router.
We have static routes that send traffic with an address known to us through the necessary routers. And we have a default route that sends all traffic with an unknown address through the first router. But how do we send traffic with an unknown route through the second router?

0 Kudos
G_W_Albrecht
Legend

Switch to only known IPs or use IA.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Railx
Explorer

So IA can help us with that?

0 Kudos
G_W_Albrecht
Legend

No, bad idea - will not help here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend

Let the routers do the NAT!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
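
The effect of the NAT suggestion above on the return path, as an added example that is not part of the thread. The routing table, the addresses (documentation ranges), the router names R1/R2 and R2's inside address are all constructed assumptions; the model only does the longest-prefix lookup the gateway would do for a reply.

```python
import ipaddress

# Constructed gateway routing table (all prefixes are documentation ranges,
# none of them come from the thread).
ROUTES = {
    ipaddress.ip_network("0.0.0.0/0"): "R1",        # default route via first router
    ipaddress.ip_network("198.51.100.0/24"): "R1",  # known users reached via R1
    ipaddress.ip_network("203.0.113.0/24"): "R2",   # known users reached via R2
    ipaddress.ip_network("10.0.0.2/32"): "R2",      # R2's own inside address (assumed)
}
R2_INSIDE = ipaddress.ip_address("10.0.0.2")

def next_hop(dst):
    """Longest-prefix match over ROUTES, as the gateway does for a reply."""
    dst = ipaddress.ip_address(dst)
    best = max((n for n in ROUTES if dst in n), key=lambda n: n.prefixlen)
    return ROUTES[best]

def return_path(src, arrived_via, nat_on_r2=False):
    """Router that receives the gateway's reply to a packet from src."""
    seen = ipaddress.ip_address(src)
    if nat_on_r2 and arrived_via == "R2":
        seen = R2_INSIDE  # R2 source-NATs inbound traffic to its inside address
    return next_hop(seen)

def asymmetric_flows(flows, nat_on_r2=False):
    """Flows whose reply would leave through a different router than they entered."""
    return [(s, via) for s, via in flows if return_path(s, via, nat_on_r2) != via]

# Constructed sample flows: (client source address, router it entered through)
FLOWS = [
    ("198.51.100.7", "R1"),  # known address, via R1
    ("203.0.113.9", "R2"),   # known address, via R2
    ("192.0.2.50", "R1"),    # unknown address, via R1
    ("192.0.2.50", "R2"),    # unknown address, via R2: the case asked about
]

if __name__ == "__main__":
    print("without NAT:", asymmetric_flows(FLOWS))
    print("with NAT on R2:", asymmetric_flows(FLOWS, nat_on_r2=True))
```

With NAT on R2 the gateway sees R2's inside address as the source for that path, so its rules and logs no longer carry the original client IP for those connections.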
Railx
Explorer

Good idea, why didn't I think of that right away.
Thanks

0 Kudos
Sorin_Gogean
Advisor

Some missing details on your posting, so let me tell you how we're set up. Maybe it will give you ideas.

In our DCs we have also two internet sources, and those routers have a BGP with the ISP and in between them.
On the LAN side of the Internet routers, we have an HSRP, and the CheckPoint GWs are in that Public range.

Routing respects the path that the externals reached to us, so nothing needs to be done on CheckPoint side.
So if I have to transpose that to your case, I would say that you might be getting through if you fix the routing between the two Internet boxes.

0 Kudos
