Blason_R
Leader

Can someone please clear my doubts about CP Network?

Hi Team,

We are planning to use a topology given below.

I am planning to use 1.2.3.5, which is the LB, as the Check Point default gateway. Server 10.10.10.30 is statically (manually) NATed to 1.2.3.7.

Proxy ARP is added on the firewall.

From the Check Point perspective I wanted to understand the routing part in the scenario below:

  • Let's suppose traffic is initiated from the Internet for host 1.2.3.7 on port 443
  • It would reach router R1
  • It would broadcast an ARP request; Check Point would send a gratuitous ARP
  • Traffic will then be forwarded to 1.2.3.6
  • Traffic will be NATed and sent out to 10.10.10.30
  • Now, while returning from 10.10.10.30

Once it reaches the Check Point:

  • Does the firewall refer to the routing table for destination ANY (since the packet was originated from source ANY), and will it be routed to 1.2.3.5, causing asynchronous routing?

OR

  • Since the firewall already has a connection table entry and it knows it arrived on eth0 from 1.2.3.4, will it be routed back to 1.2.3.4?

My strong feeling is that it would definitely be sent back to 1.2.3.4, since routing is not stateful, and I would need to add PBR on the CP for the source IP.

Please advise.

[Figure: scenario1.jpg (topology diagram, not reproduced here)]
Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
8 Replies
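An added illustration, not part of Blason R's post or of any reply: the kind of Gaia policy-based-routing configuration the post says would be needed to steer the server's replies back toward R1 instead of the default gateway. The clish syntax, the table name TO_R1 and the rule priority are assumptions; whether the PBR match sees the pre-NAT source (10.10.10.30) or the post-NAT source (1.2.3.7) should be verified on the gateway before relying on it.

```clish
# Added example with assumed Gaia clish syntax; not from the original post.
# Goal from the post: replies from 10.10.10.30 (NATed to 1.2.3.7) should leave
# via R1 (1.2.3.4) rather than the default gateway 1.2.3.5 (the LB).

# Routing table consulted only by PBR rules: default route toward R1.
set pbr table TO_R1 static-route default nexthop gateway address 1.2.3.4 priority 1

# Assumption: the match is evaluated on the server's real (pre-NAT) address.
# If source NAT is applied before PBR on this gateway, match 1.2.3.7/32 instead.
set pbr rule priority 10 match from 10.10.10.30/32
set pbr rule priority 10 action table TO_R1

save config

# Check: the rule and the table should appear with the expected next hop.
show pbr rules
show pbr tables
```

Only traffic sourced from the matched address is affected; everything else still follows the ordinary routing table toward 1.2.3.5.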