Check Point is a firewall software, all routing issues are addresses by the platform on which you have Check Point installed.
You did not mentioned which platform you have, but mainly what you need is routing configuration and the way to make the changes will depend on that platform (Windows, Linux, Solaris, IPSO, Secure Platform). You also mentioned something about that traffic going to a particular router, while the rest "goes out via the firewall NAT". First of all you need to understand routing and NAT configurations are completely separate things, routing is configured at the platform level while NAT at the firewall level (Check Point). If you want this particular traffic to go to a specific router WITHOUT applying NAT, then you need to do manual NAT for that traffic while have an automatic NAT rule for all the rest (sorry but it is kind of complicated to be explained here, check the PDF documentation available in the installation CDs or the website, for NAT configuration instructions) Now, there is a final comment on your message that says: "or when the router is down it will go out via the firewall NAT", so sounds to me like you want a specific route for this particular traffic, but a dynamic configuration for it to switch to the regular default gateway if that router fails. Routing wise, you would need Dynamic Routing Protocols and the possibility of doing that will depend again the platform you have Check Point installed on, as well as the upstream routers (for possible support or not of particular protocols). NAT wise, I would say it would not be possible to the firewall to know it should apply a no-NAT rule now and a regular NAT hide the next minute just because the router that usually receives that traffic if down. The new SecurePlatform Pro (which requires extra licensing) has Dynamic VPN Routing features that allow for you to have traffic sent through a VPN tunnel most of the time and switch to a second VPN tunnel if the first goes down, but I don't think that feature could be used to dinamically switch for a NAT rule to another. Anyway... maybe somebody else here in the group knows a way to go around it Regards On 1/13/07, Scott Xe <[EMAIL PROTECTED]> wrote:
I am new to CP and need to route from the network going to certain destination via a specified router, i.e., From To Via The local network 164.38.0.0 192.168.0.253 Other than that all go out via the firewall NAT or when the router is down it will go out via the firewall NAT. Your enlightenment is appreciated. Thanks, Scott ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
