This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
Wednesday

Static route in VSX

Hi Everyone,

We have a Checkpoint R81.10 security gateway in a VSX environment. I'm trying to configure the following routes:


• Source: 172.16.1.0/24
o Destination: 10.1.1.1/32
o Gateway: VPN tunnel


• Source: 172.16.1.0/24
o Destination: 0.0.0.0
o Gateway: external interface


However, the VSX route configuration seems to only allow specifying the destination IP, not the source IP. Is there a way to achieve this configuration?

 

 

 

 

0 Kudos
5 Replies
Alex-
Leader Leader
Leader
Thursday

PBR requires a Virtual Router as per sk79700.

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
Thursday
In response to Alex-

PBR should be possible on a VS since R80.40 per sk167135 

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
Authority
Authority
Thursday
In response to Alex-

No, there is no more a requirement for  a virtual router if you want to use PBR. You can use normal PBR rules.

With VSX some limitations for PBR exists.... see sk167135 - Policy-Based Routing and Application-Based Routing in Gaia mentioned by @Chris_Atkinson 

  • You can configure PBR in Gaia Clish.
  • You can configure only Source IP, Destination IP, and the Interface.
  • You cannot configure additional parameters (destination service port and protocol).
0 Kudos
Ihenock1011
Advisor
Thursday
In response to Wolfgang

We already configure PBR as per below yet when the partner tries to reach to our endpoint it hits the external interface.

set pbr rule priority 01 match from 172.16.1.0/24
set pbr rule priority 01 match to 10.1.1.1/32
set pbr rule priority 01 action table VPN tunnel

FYI  

Partner IP: 172.16.1.0/24

Our Endpoint: 10.1.1.1/32

0 Kudos
Alex-
Leader Leader
Leader
Thursday
In response to Wolfgang

OK, thanks for the clarification. I looked at the VSX SK, not the PBR. 😀

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events