
What is the equivalent of Cisco "tunneled" route in Check Point to forward all traffic inbound from a VPN connection, straight to another device?

Question asked by Louis Poulin on Jan 10, 2018
Latest reply on Jan 16, 2018 by Dameon Welch-Abernathy

Hello,

I want my remote access users/clients to have a different "default route" than the one of the Security Gateway (R80.10). I want a way to tell the Security Gateway to forward all traffic inbound from a VPN connection, straight to another device.

In Cisco's world, you can achieve this with a "tunneled" route:

ASA 8.X: Routing SSL VPN Traffic through Tunneled Default Gateway Configuration Example - Cisco 

This document describes how to configure the Adaptive Security Appliance (ASA) to route the SSL VPN traffic through the tunneled default gateway (TDG). When you create a default route with the tunneled option, all traffic from a tunnel terminating on the ASA that cannot be routed using learned or static routes is sent to this route. For traffic emerging from a tunnel, this route overrides any other configured or learned default routes.

How can this be done with R80.10 using a VS on a VSX in VSLS mode?

Please see attached diagram for more info.

Note: I wanted to use Policy-Based Routing, but it doesn't seem to be available with my setup based on the following document from Check Point: Policy-Based Routing (PBR) on Gaia OS
