Hi, how do I configure PBR for automatic redundancy? I tried Priority but it is not functioning.
A network diagram of what you're trying to do would be helpful.
If you want to use two external connections and have an automatic backup if you lose one of them (if I understand correctly), you probably need to implement ISP redundancy; policy-based routing won't work that way.
This is the diagram.
User A connects to the internet via ISP A
User B connects to the internet via ISP B
User C connects to the internet via ISP C
When ISP A is down, automatic failover to ISP B or ISP C configured with priority is not functioning.
How would the gateway determine ISP A is down?
To do that, you'd need to have a reachability test (such as Ping)--something our PBR doesn't currently support.
Yes, I understand. Is there development under way so that PBR will support this soon?
I believe it's planned, yes, but don't have an exact timeframe.
Is there an estimated date for this?
It appears there is a customer-specific release that offers this functionality.
Please check with your Check Point office.
A little-known feature of ClusterXL may be able to help here; ClusterXL can be configured to test connectivity to upstream IP addresses with ping, and initiate a failover based on loss of reachability to the pinged hosts. There could be a very different Gaia PBR configuration on the standby member that takes over as a result. See:
sk35780: How to configure $FWDIR/bin/clusterXL_monitor_ips script to run automatically on Gaia / SecurePlatform OS
According to sk100500:
PBR is supported in the following clusters:
Note: PBR must be configured on each of the cluster members individually, and the configuration must be identical.
Can you shed some light on whether the above statement is correct, or whether it is negated by sk35780?
I'd say the later SK is probably more correct and the PBR configs should match. I don't think ClusterXL will be able to actually tell if the PBR configuration is different between the cluster members (same way it can't tell if regular IP routing is different between them), but it may cause issues with how connections are represented between the members via state sync. Trying a different PBR config between different cluster members will probably work but will most certainly not be supported.
Hello! I have the same question! Is there any workaround for now? One year has passed since the first question. How can I achieve the same functionality as IP SLA + track on Cisco in PBR?
Please check with your local office about the customer-specific release I mentioned.