In the following cluster interface configuration, does eth1 pass the data traffic?
If I have two route tables, one for eth0 and the other one for eth1: one route table for eth0 with a default route pointing to eni-eth0 and subnet association with 172.16.11.0/24, the other route table for eth1 with a default route pointing to eni-eth1 and subnet association with 172.16.10.0/24. Any issue with this?
Thanks so much!!
Hi,
I could answer better if you could share more details. "Leads To" writes to Azure but ENI is an AWS term, while in Azure we usually route to a load balancer. Some of the configuration also depends on version.
In general, the default route to ENI directs all traffic to be inspected. All traffic directed at your VPC/VNET through the front end subnet will be directed to the solution. For backend, putting ENI as default for internal subnets will ensure EW inspection as well as NS.
I have the following which is very close to our prod.
Right now the firewall works as one-armed.
Question 1: if the interface is defined to be sync only, does that interface still pass data traffic?
Question 2: when is eth1-RT used? I am wondering whether eth1-RT is not used here at all.
thanks a lot !!
Hi,
Yes, sync interfaces also pass data traffic. If they are configured as sync, the connections sync is also passing on those interfaces.
Your routing configuration is not correct. You should only have one default route (towards eth0 GW). You need to delete the other default route because it will cause routing issues (traffic is spread to both interfaces).
thanks a million.
This is what I like to confirm.
Even though we did not get any issue, I still like to confirm the correct way to do.
thanks again !!
One more question to bother you with: for the cluster, is still only one default route needed? If the default route points to the Member A interface as next hop, what happens if member A fails?
thanks a lot !!
In an AWS Cluster the default is pointing to the ACTIVE member of the cluster. When a failover happens we push out an API to AWS and change the default route to the new ACTIVE member.
thanks so much !!!
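One way to check a VPC against the advice in the replies above (a single ENI as default-route target, and that ENI belonging to the ACTIVE member), written as an added example that is not part of the thread or Check Point's own tooling. It assumes input in the shape returned by `aws ec2 describe-route-tables`; the route table, subnet and ENI IDs and the VPC CIDR are constructed placeholders.

```python
import json

# Constructed sample mirroring the question: each route table has its own 0.0.0.0/0 -> ENI.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-eth0-example",
   "Associations": [{"SubnetId": "subnet-172-16-11-0-example"}],
   "Routes": [
     {"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-eth0-example", "State": "active"}]},
  {"RouteTableId": "rtb-eth1-example",
   "Associations": [{"SubnetId": "subnet-172-16-10-0-example"}],
   "Routes": [
     {"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-eth1-example", "State": "active"}]}
]}
""")

def default_eni_routes(doc):
    """Return (route_table_id, eni_id, state, subnet_ids) for each 0.0.0.0/0 route targeting an ENI."""
    found = []
    for table in doc.get("RouteTables", []):
        subnets = [a["SubnetId"] for a in table.get("Associations", []) if "SubnetId" in a]
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") == "0.0.0.0/0" and "NetworkInterfaceId" in route:
                found.append((table["RouteTableId"], route["NetworkInterfaceId"],
                              route.get("State", "unknown"), subnets))
    return found

def audit(doc, active_eni):
    """List deviations from 'one default route, pointing at the ACTIVE member'."""
    findings = []
    routes = default_eni_routes(doc)
    targets = sorted({eni for _, eni, _, _ in routes})
    if len(targets) > 1:
        findings.append("default routes point at different ENIs: " + ", ".join(targets))
    for rtb, eni, state, subnets in routes:
        where = f"{rtb} ({', '.join(subnets) or 'no subnet association'})"
        if state != "active":
            # AWS marks a route 'blackhole' when its target is gone or unusable.
            findings.append(f"{where}: default route via {eni} is {state}")
        elif eni != active_eni:
            findings.append(f"{where}: default route via {eni}, not active member ENI {active_eni}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, "eni-eth0-example"):
        print(line)
```

Running the same audit before and after a failover test, with `active_eni` set to the new ACTIVE member's interface, shows whether the default route actually moved.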