This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
subrun_jamil
Contributor
‎2022-11-23 06:32 AM

Intervlan Routing is not working on Mgmt Interface for CheckPoint

Intervlan Routing is not working on Mgmt Interface for CheckPoint.

I have a New CheckPoint Firewall. On Mgmt Interface I configured L3 Sub Interfaces. In CheckPoint Mgmt Interface , need to have IP assigned , since I assigned One L3 Subnet on Mgmt Interface and created more Sub interface.

However I am not able to Ping any IP of that Subnet ( Mgmt Interface ) , from IT Network , but can Ping the Gateway from IT Network.

Also , Considering Mgmt Interface IP is 10.7.251.49 and a Server IP is 10.7.251.55 , they can Ping each other but not from IT Network. There is a OPSF between IT ( Cisco ) with CP firewall , I am redistributing the Mgmt Interface over OSPF.  

CP Firewall has the route to network from where I am trying to Ping to Server IP is 10.7.251.55.

Cisco## sh run interface gigabitEthernet 3/0/48   ---- Mgmt Interface Connected 

interface GigabitEthernet3/0/48
switchport trunk native vlan 2103
switchport mode trunk

Cisco##show mac address-table interface GigabitEthernet3/0/48

Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
2103 MAC.MAC.MAC DYNAMIC Gi3/0/48

0 Kudos
7 Replies
_Val_
Admin
Admin
‎2022-11-23 06:38 AM

Check routing first, and then policy on your Security GW.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-23 06:50 AM

Anti-spoofing / asymmetric routing would be topics to start investigating here.

CCSM R77/R80/ELITE
0 Kudos
subrun_jamil
Contributor
‎2022-11-23 09:48 PM
In response to Chris_Atkinson

@Chris_Atkinson  @_Val_ 

Did not install the Smart Dashboard yet. Security GW is running on no policy using ( fw unloadlocal ) while I was preparing with single mgmt interface and install smart dashboard on that mgmt subnet.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-23 10:30 PM
In response to subrun_jamil

Sounds like routing or possibly incorrect netmask setting perhaps?

CCSM R77/R80/ELITE
0 Kudos
subrun_jamil
Contributor
‎2022-11-23 09:49 PM
In response to Chris_Atkinson

From GAIA Portal is there any Anti-Spoofing Option ? I do not see any unless I missed.

0 Kudos
(1)
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-11-23 10:28 PM
In response to subrun_jamil

It's defined based on the interface topology of the Gateway object in SmartConsole.

CCSM R77/R80/ELITE
0 Kudos
subrun_jamil
Contributor
‎2022-11-24 09:34 AM
In response to Chris_Atkinson

@Chris_Atkinson 

Smart Console is not setup yet just configured one  LAN Interface ( mgmt ) and OSPF for WAN.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events