This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kb1
Collaborator
‎2019-11-21 11:33 AM

I need help with routing

So i need to configure routing on my 1100 firewall and below is the information i have for the configuration-

 

Site subnet:  10.40.3.X/24

 

Eth LAN2 (vlan20 –secured): 10.40.3.21/29; dgw= 10.40.3.20/29  (int Gi0/2)

Eth LAN5 (vlan 10 - unsecured): 10.40.3.11/29, dgw = 10.40.3.10/29 (int Gi0/1)

 

Source network:

216.152.218.X/32

 

Destination networks:

Checkpoint Portal/Blade - https://10.169.90.4/sslvpn

                149.122.13.X/32

                149.122.13.X/32

                149.122.13.X/32

 

So what would be the command on cli since i only have console access to configure routing?

 

Fo reference below is the routing configuration for another 1100 appliance and i was told that the routing should be similar to this one-

 

# Static routes
delete static-routes
add static-route service Any destination 10.0.0.X/8 nexthop gateway ipv4-address 10.43.1.20" metric 0
set static-route 2 service Any destination 10.0.0.X/8 nexthop gateway ipv4-address 10.43.1.20 metric 0 disabled false
add static-route service Any destination "216.152.218.X/32" nexthop gateway ipv4-address "10.43.1.X" metric "0"
set static-route 3 service Any destination "216.152.218.X/32" nexthop gateway ipv4-address "10.43.1.X" metric "0" disabled "false"
add static-route service Any destination "149.122.0.X/16" nexthop gateway ipv4-address "10.43.1.X" metric "0"
set static-route 1 service Any destination "149.122.0.X/16" nexthop gateway ipv4-address "10.43.1.X" metric "0" disabled "false"

 

I cannot figure out what the destination network should be as is shown for above configuration, just keeps showing error and so whenever i try out something.

0 Kudos
8 Replies
kb1
Collaborator
‎2019-11-21 03:19 PM

maybe the destination network has to be any or something?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-11-22 12:19 AM

Can you rather  draw a network plan ?  I seem not to be able to figure it out from what you wrote...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
kb1
Collaborator
‎2019-11-22 08:24 AM
In response to G_W_Albrecht

so the config that you see is what i received from the telecom team, and this firewall is connected to a switch where the lan 2 port of the firewall is connected to the gi0/2 port of the switch and the lan5 pot is connected to gi0/1 of the switch as shown in the config below, i know that the writing is a bit confusing but yeah thats the info i received-

Eth LAN2 (vlan20 –secured): 10.40.3.21/29; dgw= 10.40.3.20/29  (int Gi0/2)

Eth LAN5 (vlan 10 - unsecured): 10.40.3.11/29, dgw = 10.40.3.10/29 (int Gi0/1)

 

All i need to configure is the routing for this firewall based on the above info, i tried the add static-route.....

command yesterday but it showed some kind of error, i will try out something today as well to see if it works or not,

so what i beleive is there should be 2 statements for the routes based on the above info. What im planning to implement today is the below commands hopefully they should work-

set static-route 1 service any destination any source 10.40.3.21/29 nexthop gateway ipv4-address 10.40.3.20 disabled false metric 0
set static-route 2 service any destination any source 10.40.3.11/29 nexthop gateway ipv4-address 10.40.3.10 disabled false metric 0

And as i mentioned for reference you can look at the routing config for the other 1100 firewall that i shared in the op which does have specific destinations by the way for the static routes.

 

0 Kudos
kb1
Collaborator
‎2019-11-22 08:29 AM
In response to G_W_Albrecht

And this part here below i implemented it as a rule in a policy-

 

Source network:

216.152.218.X/32

 

Destination networks:

Checkpoint Portal/Blade - https://10.169.90.4/sslvpn

                149.122.13.X/32

                149.122.13.X/32

                149.122.13.X/32

0 Kudos
kb1
Collaborator
‎2019-11-22 09:45 AM
In response to G_W_Albrecht

So those commands that i mentioned do not work apparently, maybe there is something wrong with what i chose for the source,dest,next hop ip values.

0 Kudos
mdjmcnally
Advisor
‎2019-11-22 02:18 AM

add static-route service Any destination "149.122.13.X/32" nexthop gateway ipv4-address "X.X.X.X" metric "1"

Obviously need to replace the X with actual number required which obviously we don't have.

We won't know the next hop address on your network so cannot tell you what the X need to be

0 Kudos
kb1
Collaborator
‎2019-11-22 08:16 AM
In response to mdjmcnally

so the next hop is the dgw specified in my post

0 Kudos
kb1
Collaborator
‎2019-11-22 08:17 AM
In response to mdjmcnally

The firewall is on version R77.20 by the way.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events