This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Johannes_Schoen
Collaborator
‎2019-03-13 04:50 AM

Service Routing - Interfaces used for services

Dear community,

I work with Palo Alto Networks firewalls and Checkpoint.

Today, I was wondering, why I'm unable to get a cpuse connections from Gaia R77.30.
After a short troubleshooting I found out, that some domain servers where unreachable from management interface.
Policywise, everything sourced from checkpoint ips should be allowed, nonetheless, I'm unable to ping the dns servers from a few ip addresses.

After changing the management interface to a ip, where the dns-servers can be reached, dns works.
Updates are still failing, but due to a broken Smartlog server, I'm unable to see any logs.

That's my story, now the question:
With Palo Alto, you can define service routes, to say: "DNS is sourced from Ethernet 1/1 with IP w.x.y.z"
"Updates are sourced from MGMT Interface" and so on.

How is this with Checkpoint? Which interface is used for doing Radius, SSH, DNS, NTP, Pings etc?

Where can I configure this?

0 Kudos
1 Reply
AndresQR25
Explorer
‎2023-08-01 01:59 PM

I got a similar issue where I have a monitoring tool point to the firewall MGMT IP but the return traffic goes out from another interface due to a static route already added. A PBR could work depending of the situation, but in my case I want just to route traffic coming to the firewall MGMT IP over the monitoring port to use the mgmt port and any other traffic to use the static route, service route on Palo Alto firewall works, but I haven't found any similar configuration for Check Point. If someone has a workaround will be great to know. Thanks.

 

@Timothy_Hall do you have any suggestion?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events