Blason_R
Leader

PBR limitation with ISP redundancy on is still there?

Hey Guys,

I still remember there was a limitation in earlier versions: when ISP redundancy is enabled on firewall modules, configured PBRs (Policy Based Routing) do not work, as ISP redundancy takes precedence.

Yesterday I was working on one of the scenarios and I configured PBR with ISP redundancy on, and it worked as expected. Then I tried searching whether that limitation has been removed and did not find any concrete answer, hence I am keen to know of any official answer.

TIA

Blason R

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

PBR and ISP Redundancy perform similar functions and are not supported together.
It is documented here: https://support.checkpoint.com/results/sk/sk167135


0 Kudos
8 Replies
the_rock
Legend

It does work 100%, had a customer do it and it was fine. But, as PhoneBoy said, officially, it's NOT supported.

Andy

0 Kudos
Blason_R
Leader

Yes - I knew that they do not work together, and they didn't when I had implemented (or tried implementing) it a couple of times before. However, yesterday I decided to try the same thing with R81.10 and whoa, it worked, not sure why!!

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend

I never tested it in R81 base, but it works fine in R81.10 and R81.20. But again, since it's not officially supported by the vendor, it's one of those situations where, if it breaks, you are sort of on your own (aka SOL lol)

0 Kudos
PhoneBoy
Admin

Just because something isn’t supported doesn’t mean it won’t work. 😉
Having said that, relying on unsupported feature combinations in production is unwise.

0 Kudos
the_rock
Legend

That's true, but let's be 100% honest... we all know that TAC will tell people right away if something is not officially supported, even if it works. Having said that, I don't blame them, all vendors' support would do that :-)

0 Kudos
RS_Daniel
Advisor

Hello,

I also used PBRs in an ISP redundancy scenario. When we configured the PBRs it worked OK, but when we changed an existing rule, let's say PBR rule 15, the previous one was not deleted, so checking with the ip rule command we had a duplicated rule 15, and the new one didn't start working until I manually deleted the old rule 15 with the ip rule del command.

So in my experience it works, but not very well, and as @PhoneBoy and @the_rock told you, it is not recommended to have an unsupported feature working in production.

Regards

0 Kudos
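
The duplicated-rule condition described in the post above can be checked for after each PBR change. This is an added example, not part of the original thread and not Check Point tooling; it assumes the standard Linux iproute2 `ip rule show` listing format, and the helper names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Report rule priorities that occur more than once in `ip rule show` output.
# Reads the listing on stdin, so it also works on output saved before a change.
dup_priorities() {
    awk '
        # Rule lines look like "<priority>:<TAB><selector> lookup <table>".
        /^[0-9]+:/ {
            prio = $1; sub(/:$/, "", prio)
            rule = $0; sub(/^[0-9]+:[ \t]*/, "", rule)
            count[prio]++
            rules[prio] = rules[prio] "    " rule "\n"
        }
        END {
            for (p in count)
                if (count[p] > 1)
                    printf "priority %s has %d entries:\n%s", p, count[p], rules[p]
        }
    '
}

# Constructed sample: priority 15 is listed twice, as it would be if an
# edited rule was installed without the previous entry being removed.
sample_rules() {
    cat <<'EOF'
0:	from all lookup local
15:	from 10.1.1.0/24 lookup 101
15:	from 10.1.2.0/24 lookup 102
20:	from 10.2.0.0/16 lookup 103
32766:	from all lookup main
32767:	from all lookup default
EOF
}

# Live use on the gateway (expert mode): ip rule show | dup_priorities
sample_rules | dup_priorities
```

An empty result means every priority is unique; any reported priority shows both selectors so the stale entry can be identified before it is removed.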
the_rock
Legend

Agree 100%. I don't know, MAYBE if a Diamond customer wanted to do this, it would be okay, considering how much money those customers pay, otherwise, I doubt it lol

0 Kudos
