We’re trying to make sure that only the default route gets advertised from the 1900 SMB cluster. Right now, we’re using a routemap to export the default route, but it looks like it’s also matching all other static routes on the firewall - which isn’t what we want. This could cause issues in our setup, especially if more specific routes start taking precedence over connected networks in the peering VRF.
We’ll be filtering the accepted routes on the peering switches as a safeguard, but ideally, we want to get the export right from the start and only send the default route.
Is there a way to tweak the routemap so it matches just the default route and nothing else?
Thanks!
Check Point's 1900 Appliance Gaia Embedded R81.10.17 - Build 653
set routemap defaultRoute id 10 on
set routemap defaultRoute id 10 allow
set routemap defaultRoute id 10 match network 0.0.0.0/0 exact
set routemap defaultRoute id 10 match protocol static
Your routemap specifically says to match exactly 0.0.0.0/0. Can you change it to match only what's required?
Best,
Andy
Hi Andy,
Thanks for getting back to me. I might be misunderstanding your point - my current routemap is already set to match exactly 0.0.0.0/0.
The issue I’m seeing is that even with that configuration, given the example routing table below, the router still advertises 10.0.0.0/8 and 172.16.0.0/12 along with the default route.
I can't share the BGP advertisement output as currently the sessions are not established.
Here’s an example from the routing table:
> show route
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
NP - NAT Pool, U - Unreachable, i - Inactive
S 0.0.0.0/0 via 192.168.2.1, LANBOND0.$$, cost 0, age 3036778
S 10.0.0.0/8 via 192.168.1.1, LANBOND0.%%, cost 0, age 3036778
S 172.16.0.0/12 via 192.168.1.1, LANBOND0.%%, cost 0, age 3036778
Could you clarify what you mean by “change it to match only what’s required”? Are you suggesting a different match condition or an additional filter in the routemap?
I could be mistaken, but 3rd line states to match exactly 0.0.0.0/0. Would that not match EVERYTHING?
Here is an example we used in SASE.
set inbound-route-filter bgp-policy 1000 based-on-as as 65001 on
set inbound-route-filter bgp-policy 1000 restrict-all-ipv4
set inbound-route-filter bgp-policy 1000 route 10.255.0.0/16 normal on
If you add another portion to the routemap, say id 100 as restrict, do you still see the same behavior? e.g.
set routemap defaultRoute id 100 on
set routemap defaultRoute id 100 restrict
Good call, Chris. I believe my colleague had to do the same for a customer for a SASE issue we had.
@the_rock @Chris_Atkinson Thanks both! I'll test this and get back to you.
Fingers crossed...hope it works!
I checked with one of my colleagues about this. He said TAC gave him an additional command to run, so it might be worth a case.
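The route-map logic discussed in this thread, as an added example that is not part of any post and is not Check Point code: a small Python model of first-match evaluation over the three static routes from the `show route` sample. The `contains` mode, the `implicit` parameter and all function names are assumptions made for illustration; the page does not state what Gaia does with a route that matches no term, so the model takes that as an input.

```python
import ipaddress

# Constructed model of ordered route-map evaluation; not Gaia's implementation.
# Routes copied from the `show route` sample in the thread: (protocol, prefix).
ROUTES = [("static", "0.0.0.0/0"), ("static", "10.0.0.0/8"), ("static", "172.16.0.0/12")]

def term_matches(term, proto, prefix):
    """True when the route satisfies every match condition of the term."""
    if term.get("protocol") not in (None, proto):
        return False
    if "network" not in term:
        return True  # a term without a network match applies to any prefix
    want = ipaddress.ip_network(term["network"])
    have = ipaddress.ip_network(prefix)
    if term["mode"] == "exact":
        return have == want              # same address and same mask length
    return have.subnet_of(want)          # "contains": anything inside the network

def exported(terms, routes, implicit="restrict"):
    """Evaluate terms in ascending id order; the first matching term decides."""
    out = []
    for proto, prefix in routes:
        action = implicit                # assumed behaviour when nothing matches
        for term in sorted(terms, key=lambda t: t["id"]):
            if term_matches(term, proto, prefix):
                action = term["action"]
                break
        if action == "allow":
            out.append(prefix)
    return out

# id 10 as posted in the thread, a hypothetical non-exact variant, and the id 100 catch-all.
EXACT = {"id": 10, "action": "allow", "network": "0.0.0.0/0", "mode": "exact", "protocol": "static"}
LOOSE = dict(EXACT, mode="contains")
DENY_REST = {"id": 100, "action": "restrict"}

if __name__ == "__main__":
    print(exported([EXACT], ROUTES))                               # exact match only
    print(exported([LOOSE], ROUTES))                               # 0.0.0.0/0 covers everything
    print(exported([EXACT], ROUTES, implicit="allow"))             # leak via implicit allow
    print(exported([EXACT, DENY_REST], ROUTES, implicit="allow"))  # catch-all closes it
```

With the explicit restrict term at id 100, the exported set no longer depends on the implicit action, which is why adding it is a useful test on the appliance.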