This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Railx
Explorer
‎2023-02-14 12:36 AM

dynamic routing

Good afternoon.

We have two routers that are up to CheckPoint. Traffic can come from both routers. The traffic can be from users who have a known ip address and users who have an unknown ip address.
In case the traffic comes from a known address, we can route it back the same way using static routing. Default route we have configured for the first router, so if the traffic with unknown address comes from the first router, it goes the same way.
But what if the traffic with an unknown address comes through the second router? Is there any way to set it to go the same way? Has anyone encountered this problem?

0 Kudos
10 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-14 12:40 AM

Afaik, every transmitted package has a source and destination IP - i never saw a package with unknown IP 😉 If you use IA, it is easy to match known users in rules different to unknown users.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Railx
Explorer
‎2023-02-14 12:48 AM
In response to G_W_Albrecht

Unfortunately we don't use IA, so we would like to redirect traffic in some other way.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-14 12:53 AM
In response to Railx

Why not decide upon known / inknown IP ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Railx
Explorer
‎2023-02-14 01:02 AM
In response to G_W_Albrecht

The point is that if traffic with an unknown address came through the first router, we have to send it back through the first router.
If the traffic came through the second router, then we must send it also through the second router.
We have static routes that send traffic with an address known to us through the necessary routers. And we have a default route that sends all traffic with an unknown address through the first router. But how do we send traffic with an unknown route through the second router?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-14 01:05 AM
In response to Railx

Switch to only known IPs or use IA.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Railx
Explorer
‎2023-02-14 01:18 AM
In response to G_W_Albrecht

So IA can help us with that?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-14 07:59 AM
In response to Railx

No, bad idea - will not help here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-02-14 01:18 AM
In response to Railx

Let the routers do the NAT !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Railx
Explorer
‎2023-02-14 01:21 AM
In response to G_W_Albrecht

Good idea, why didn't I think of that right away.
Thanks

0 Kudos
Sorin_Gogean
Advisor
‎2023-02-14 02:11 AM
In response to Railx

Some missing details on your posting, so let me tell you how we're set-up. Maybe it will give you ideas.

In our DC's we have also two internet sources, and those routers have a BGP with the ISP and in between them.
On the LAN side of the Internet routers, we have an HSRP, and the CheckPoint GWs are in that Public range. 

Routing respects the path that the externals reached to us, so nothing needs to be done on CheckPoint side.
So if I have to transpose that to your case, I would say that you might be getting through if you fix the routing between the two Internet boxes .

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events