This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Samia_Ferozi
Explorer
‎2018-09-22 12:19 PM

Default gateway beyond network scope

Hi team,

Object : Default gateway beyond network scope

             ios GAIA : 80.10 - VNIC in bridge configuration with ESXi

I want to implement the following configuration for my WAN interface:

IP: 54.39.~.~

Netmask: 255.255.255.255

Gateway: 192.99.~.254

This interface is linked to my ESXi NIC (bridge mode) whose IP address is 192.99.~.~ I tried different solutions to hard-modify interface and routing configuration without effect:

I modify this file:

/etc/routed0.conf

I still got:

default gateway eth1 preference 192.168.1.1 192.99....254 preference 1;

I also modify /etc/sysconfig/network-scripts/ifcfg-eth1

I do not want to get out by means of pfsense on 192.168.1.1 but with my ESXi interface gateway. I know that this configuration is not a RFC common configuration and had to work hard to find a solution on pfsense ; on pfsense it works now  Checkpoint is a RHEL completely modified knowing that it is similar to Quagga. I could put Quagga as an external router but i want to solve this issue. Not a lot of information on the web considering this point.

Basic commands like this one doesn't work:

set static-route default nexthop gateway address 192.99.~.254 priority 1 on
set static-route default nexthop gateway address 192.168.1.1 off
save-config

Thanks,

Gregory

First email address: gregory.morilleau@alliacom.com

Second email address: gregory.morilleau@axians.com

1 Reply
PhoneBoy
Admin
Admin
‎2018-09-22 03:13 PM

The only supported mechanism to configure static routes in Gaia OS is using the clish commands or via the WebUI.

Hacking the configuration files you are trying to hack is unsupported.

You can only configure a next hop to be either:

  • A specific IP address (needs to be on the same subnet)
  • A specific interface

Have you tried configuring the next hop as a specific interface?

Note that configuring the default route to have a next hop that is an interface (versus a specific IP) will cause the ARP cache to rapidly fill up. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top