This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hayat
Explorer
‎2021-06-03 04:02 AM

DHCP push route

Hi,

 

We're using the Checkpoint 750 Security Appliance, and I'm looking for a way to push a route from the DHCP server configured on our main LAN network to the DHCP clients.

 

There is a way to it?

0 Kudos
5 Replies
_Val_
Admin
Admin
‎2021-06-03 04:15 AM

It is not a best practice to resolve routing issues on a client side. Could you please elaborate about what you are trying to achieve and why?

Hayat
Explorer
‎2021-06-03 06:29 AM
In response to _Val_

Thank you for your reply.

Our LAN network is 192.168.1.0/24 and the remote LAN is 192.168.90.0/24.

I have a site to site VPN NATed from our Checkpoint to a OpenVPN server (192.168.1.2) in the LAN with another OpenVPN server on another site.

At first, I've configured a static route on the Checkpoint (192.168.1.1) to route all traffic from our LAN to 192.168.90.0/24 through the local OpenVPN server (192.168.1.2). at this point I was able to ping 192.168.90.0/24 from LAN but couldn't SSH or connect on any other port. (Probably due to ping redirect, since 192.168.1.1 sent me to 192.168.1.2 on the same LAN).

When I added a static route on a client (192.168.1.159)  to send traffic sent to the remote LAN (192.168.90.0/24) directly through the OpenVPN server (192.168.1.2), I've got a full access to 192.168.90.0/24.

I want to prevent configuring client by client with this static route so I thought to push it using the LAN's DHCP.

0 Kudos
_Val_
Admin
Admin
‎2021-06-03 06:42 AM
In response to Hayat

Got it. AFAIK, you cannot do that with SMB.

0 Kudos
Hayat
Explorer
‎2021-06-03 06:48 AM
In response to _Val_

Thank you.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-04 09:37 AM
In response to Hayat

I believe you would do this by configuring DHCP Option 33.
You'd have to configure this as a custom DHCP option in the 750, which you should be able to do.
Something like: https://ercpe.de/blog/advanced-dhcp-options-pushing-static-routes-to-clients
(Note: haven’t tested this)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top