Rakesh1313
Explorer

Bypass network objects with Specific ISP

We have terminated two ISPs on a Check Point firewall, using the Check Point Quantum 6200-P model. We want to bypass particular network objects with a specific ISP but are not able to find any option to configure the same.

4 Replies
_Val_
Admin

Please elaborate. What do you mean, bypass particular network objects?

PhoneBoy
Admin

Are you using ISP Redundancy? If so, you'd configure it there.
Otherwise, you can do it with Policy-Based Routing.

Rakesh1313
Explorer

Yes, I am using ISP Redundancy; we are using two ISPs in load balancing.

Can you please explain in which option I can configure the same?

Awaiting your reply on the same.

Duane_Toler
Advisor

If you're asking about pinning specific traffic to a given ISP link, then sk56384 might help.  Otherwise, if you want traffic to specific hosts/networks to egress out a specific ISP link, then classic static-routes will be used here.  Hopefully you don't need to resort to PBR, but if so, then sk167135 could be used to apply a security policy (in SmartConsole) to PBR rules.

 

There are tons of limitations and restrictions with PBR, so read sk167135 VERY VERY carefully.  You should also be warned about PBR, which @PhoneBoy told me long ago:  Once your routing decisions go into PBR, then EVERYTHING stays in PBR.  Depending on your use-case, you may need to have a near-100% duplicate of your global routing domain inside your PBR domain.  #TreadCarefully #HereThereBeDragons

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
