This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mrknthny
Participant
‎2022-08-18 06:22 PM

Route Default GW not via WAN interface but via sub-vlan interface

Hi All, hope someone can help me.

I am having a setup to configure trunk on an interface (either WAN or LAN). But this interface need to be configured as trunk and create sub-vlan interfaces. To put simply, say

LAN 1

LAN1.2 (vlan 2): 192.168.29.0/24

LAN1.3 (vlan 3): 192.168.30.0/24

Then say, I want to create the default route via LAN1.2. Is there a way I can do that? 

If I create LAN1 as internet, it doesnt allow me to create sub-interfaces. If i create LAN1 as normal LAN port and create sub-vlan interfaces, it knows that the WAN (default) should have the default route since it is the internet gateway.

I am using SMB device 1450 series in cluster.

If there is no way, then i guess I will just use two interfaces on my device, one WAN and one LAN.

 

Thank you.

0 Kudos
13 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-08-19 07:18 AM

Have you tried the configuration on the DMZ port?

DMZ_Internet.png

CCSM R77/R80/ELITE
0 Kudos
mrknthny
Participant
‎2022-08-19 07:55 AM
In response to Chris_Atkinson

Hi Chris, 

thank you for replying. I have not tried yet. As I tried on port WAN and LAN ports but just wouldn't work. May I know if you have tried the setup before? I will give your suggestion a try. Thank you.

0 Kudos
mrknthny
Participant
‎2022-08-21 09:07 PM
In response to Chris_Atkinson

Hi Chris,

i have not yet, only tried on WAN and LAN interfaces so far (which havent worked obviously) but am keen to give this (DMZ) a try tomorrow and will update you. Once i have configured this, do i need to configure manual default route? or will it be automatically created based on which vlan i want to be routed as the internet gateway?\


Cheers!

Mark

0 Kudos
AngelettaA
Employee Employee
Employee
‎2022-08-20 11:28 AM

On Gaia Embedded You must have the default GW on the WAN interface or a bond interface that contains the WAN interface.

I also faced a topology like yours, and there was no way to make it work properly, if there is no link up on the WAN interface even the IPS will not work for you, you can check it with the command "ips stat "

0 Kudos
mrknthny
Participant
‎2022-08-20 05:54 PM
In response to AngelettaA

Hi AngelettaA,

thank you for your response. Agree. But It doesnt necessarily need to be on a Wan interface. We can use a Lan interface as long as you set the lan interface as the internet it will use that as the interface for default gateway. But the problem happens when I need to trunk the interface, it wont allow me to use any sub-interface as a route for default gateway. Port only needs to be a normal wan/lan port. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-08-21 09:06 PM
In response to mrknthny

To be clear your requirement is not only to have the Internet over a VLAN but also on the same single (trunk) port as the Internal networks?

I don't believe the Web UI allows such a configuration but will test via CLI and update here.

CCSM R77/R80/ELITE
0 Kudos
mrknthny
Participant
‎2022-08-21 09:17 PM
In response to Chris_Atkinson

Yes correct Chris. On the same single (trunk) port i will configured one vlan to route over internet and one other vlan as internal network. I know this can be easily done with making 2 separate physical interfaces one (WAN) and one (LAN). But just want to confirm first if there is a way to make this setup or not? because if there is no way then i will go to the original plan to use 2 physical interfaces instead. just to note i am using SMB device 1450 on a cluster.

Please let me know how it goes then.

 

thank you.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-08-21 11:27 PM
In response to mrknthny

From my testing this isn't possible, both the Web UI and CLI block the configuration of Internet+LAN as VLANs together on a single port.

CCSM R77/R80/ELITE
0 Kudos
mrknthny
Participant
‎2022-08-22 12:08 AM
In response to Chris_Atkinson

Hi Chris,

Basing on your testing, i will conclude then that it is not possible to create a trunk on any interface of an SMB appliance to use as both Internet + LAN. I will proceed then to configure individual interfaces one on WAN and another on LAN for my requirement. I appreciate your help taking time to check on this.

Cheers!

Mark

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2022-08-22 11:38 PM
In response to mrknthny

The problem with embedded and default route is that it can only be set on a WAN interface, but there is a simple way around it. 

Set 2 routes: 0.0.0.0/1 (mask 128.0.0.0) to your nexthop and 128.0.0.0/1 to the nexthop.

Regards, Maarten
0 Kudos
faridb
Employee
Employee
‎2023-12-07 01:21 AM
In response to Maarten_Sjouw

Hi Maarten ,

 

Can you confirm this workaround could work ?

what if we use a bond with the WAN interface that will be not used ?

 

Farid

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-08-21 09:03 PM
In response to AngelettaA

Note Bond interfaces are not supported on 1400 series appliances per sk114217.

CCSM R77/R80/ELITE
0 Kudos
AngelettaA
Employee Employee
Employee
‎2022-08-22 04:39 AM
In response to Chris_Atkinson

regardless of the SMB Series, it is precisely on Gaia Embedded that the default can be inserted on the WAN interface or on a bond that contains the WAN interface.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events