- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: PBR and Hide NAT
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PBR and Hide NAT
Good day.
I have two links and I have PBR´S configured
Link 1 eth1 187.150.0.10
Link 2 eth2 203.0.13.53
My default Gateway is: 187.150.0.29
Table 1 X Gateway Provider: 187.150.0.29
Table 2 Y Gateway Provider: 203.0.13.54
And I add a policy source: 192.168.10.10 action: Table 2: Y
In smartDashboard I add the host and do a hide behide NAT to ip 203.0.13.53, this works perfect.
But when I do a tracert from Windows to 8.8.8.8 the route tells me that I am leaving for 187.150.0.29 and it is assumed that we have redundancy of interfaces to route the traffic, when the first link falls we lose internet connectivity throughout the organization.
Any help is really appreciated.
Regards.
4 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What version of code are you running?
Pretty sure you can only do this with R80.30.
Also, what form of monitoring did you configure with the route as without that, it doesn't know the route has "failed."
Pretty sure you can only do this with R80.30.
Also, what form of monitoring did you configure with the route as without that, it doesn't know the route has "failed."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PhoneBoy
the version is R77.30 when I disconnect my first internet link the second one also falls, from windows I see the public ip and it is the corresponding one to the second link with the Hide nat.
we have two network segments, one goes through eth1 and the other through eth2, when the first one falls, the second one also falls. that's why I did the test with the tracert at 8.8.8.8 from the team that leaves on eth2 but I see that it keeps coming out with the eth1 gateway
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is not supported to use policy-based routing with a default route in releases prior to R80.30.
The ISP Redundancy feature can be used to achieve the same result.
Start here to find the necessary documentation: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
That said, R77.30 is about to be End of Support and you should strongly consider upgrading.
The ISP Redundancy feature can be used to achieve the same result.
Start here to find the necessary documentation: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
That said, R77.30 is about to be End of Support and you should strongly consider upgrading.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, PhoneBoy The problem was solved by prioritizing the policy in PBR and placing the gateway's interfaces with priority 1