Create a Post
Showing results for 
Search instead for 
Did you mean: 

IP Forwarding R80.10

Hi Guys,

I just have my vulnerability report for my firewall and it turns out that I need to disable the IP forwarding mechanism in my CP.

Based on my understanding in general computer networks, IP forwarding is the process handling the packet transfers. If we disable it in the Check Point, how will the firewall transfer packets now? Is my understanding correct or is there something more deeper than that as far as Check Point firewall is concerned?

I was told to disable using this command,

# echo 0 > /proc/sys/net/ipv4/ip_forward

Thanks for your replies in advance.

0 Kudos
4 Replies
Legend Legend

Don't do that, unless you want to cause an outage.

On a regular Linux server, turning off IP Forwarding in the IP driver is a perfectly valid recommendation in most cases.  It is not appropriate to manually manipulate this value on a Check Point firewall.  The Check Point code controls the state of IP forwarding, switching it from the default of 0 to 1 when Check Point services have started, and changing it from 1 to 0 when Check Point services are stopped or policy is unloaded. 

If you manually set it to zero, all traffic attempting to transit the firewall will stop working and be dropped by the IP driver just after inspection point I and just before inspection point o.  Traffic to and from the firewall itself (i.e. SSH connections to clish/expert mode), HTTPS connections to the Gaia web interface, and firewall management operations will still work, but little else will.

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos

Hi All,

If this vulnerability was on SmartCenter. Should we config /proc/sys/net/ipv4/ip_forward value to 0?

Tkanks for a lot.

0 Kudos
Employee Employee

Which version of management hopefully not R80.10 still as is no longer supported?

In theory it can be disabled for Management machines (SMS), please consult with TAC for the procedure.

0 Kudos

Hi Chris,

R81 with JFH Take44

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events