Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MCVas
Contributor

PBR and Hide NAT

Good day.

I have two links and I have PBR´S configured
Link 1 eth1 187.150.0.10
Link 2 eth2 203.0.13.53

My default Gateway is: 187.150.0.29

Table 1 X Gateway Provider: 187.150.0.29
Table 2 Y Gateway Provider: 203.0.13.54

And I add a policy source: 192.168.10.10 action: Table 2: Y

In smartDashboard I add the host and do a hide behide NAT to ip 203.0.13.53, this works perfect.

But when I do a tracert from Windows to 8.8.8.8 the route tells me that I am leaving for 187.150.0.29 and it is assumed that we have redundancy of interfaces to route the traffic, when the first link falls we lose internet connectivity throughout the organization.

Any help is really appreciated.

Regards.

 

4 Replies
PhoneBoy
Admin
Admin

What version of code are you running?
Pretty sure you can only do this with R80.30.
Also, what form of monitoring did you configure with the route as without that, it doesn't know the route has "failed."
0 Kudos
MCVas
Contributor

Hi PhoneBoy

the version is R77.30 when I disconnect my first internet link the second one also falls, from windows I see the public ip and it is the corresponding one to the second link with the Hide nat.

we have two network segments, one goes through eth1 and the other through eth2, when the first one falls, the second one also falls. that's why I did the test with the tracert at 8.8.8.8 from the team that leaves on eth2 but I see that it keeps coming out with the eth1 gateway

 

Regards

PhoneBoy
Admin
Admin

It is not supported to use policy-based routing with a default route in releases prior to R80.30.
The ISP Redundancy feature can be used to achieve the same result.
Start here to find the necessary documentation: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
That said, R77.30 is about to be End of Support and you should strongly consider upgrading.
MCVas
Contributor

 

Hi, PhoneBoy The problem was solved by prioritizing the policy in PBR and placing the gateway's interfaces with priority 1

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events