Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Collaborator

allowing dynamic routing protocol updates through checkpoint firewall

So i came across this sk that explains how to allow ospf,rip,igrp,bgp updates but i do not see an explanation for eigrp? would i create a host object for 224.0.0.10 for eigrp (since thats the ip it uses for multicast updates) and for the rest do the same as say ospf for which is explained in the sk? and one more question regarding ospf, what is the 224.0.0.1 ip? i do know that ospf uses 224.0.0.5 , 224.0.0.6 for updates but what is 224.0.0.1? Also i do not see an "eigrp" under services, i see ospf, bgp,etc but no eigrp, im assuming i need to select igrp?

Running R80.20 by the way.

Sk being talked about-

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Reply
6 Replies
Advisor

Hello,


EIGRP is a Cisco proprietary protocol so you won't see anything about it.

As for , 224.0.0.1 : The All Hosts multicast group addresses all hosts on the same network segment.

 

BR,
Paul

0 Kudos
Reply
Collaborator

so there is no way for 2 cisco routers on either side of a checkpoint to share their eigrp updates through the firewall?

0 Kudos
Reply
Advisor

You could create a separate service object for ip protocol 88 and see what happens or can leave Any ...
0 Kudos
Reply
Collaborator

ok thanks nothning too important as i was just trying out some routing protocols in my gns3 lab, decided to use ospf instead which is better i guess.
0 Kudos
Reply
Admin
Admin

EIGRP is a multicast protocol.
In addition to allowing the traffic in the Access Policy, you would need to set up something like PIM to forward the traffic as this traffic is not forwarded by default.
It might be easier to use a routing protocol that can operate unicast.
0 Kudos
Reply
Admin
Admin

Multicast traffic can be passed through, there are per-interface settings about that.

0 Kudos
Reply