SecureXL (Performance Pack) also breaks PBR on SecurePlatform.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Gary Scott
To: [email protected]
Subject: Re: [FW-1] Policy Based Routing with R70 SPLAT - Any actual confirmation that it works?

Posted this in my reply on the 4th, see below. In addition to ISP redundancy, URL filtering or antivirus modules being enabled also break PBR. If I find any others that break it I'll be sure to post.

I'm assuming splat here. I do recall in earlier versions being able to route out the secondary ISP link by just adding NAT rules, not sure what changed, however your fwmonitor does show the correct position for NAT for static source, client side to my knowledge just works on static dest.

Don't know if this will work for you but if you can cut off ISP redundancy and set up iproute2 routes and rules you can get source routing to work. Trying this with ISP redundancy enabled would not work for me, seems the ISP redundancy ignores any iproute2 stuff. There are some examples here for setting up source routing, http://www.cpug.org/forums/dynamic-routing/2306-specific-routing-per-ip.html, of course not officially supported on splat.

-GS

________________________________
From: M. N. <[email protected]>
To: [email protected]
Sent: Wed, January 6, 2010 9:54:02 AM
Subject: Re: [FW-1] Policy Based Routing with R70 SPLAT - Any actual confirmation that it works?

Found the problem finally for those interested. Policy Based routing does work...but you MUST turn off ISP-Redundancy or else it ignores the routing tables.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of M. N.
Sent: Tuesday, November 24, 2009 10:17 AM
To: [email protected]
Subject: [FW-1] Policy Based Routing with R70 SPLAT - Any actual confirmation that it works?

Hi all,

I know it is not officially supported by Check Point but it actually works with R65. I am however unable to make it work on an R70 system.

Added new routing table, alternate default gateway, rules for the table.
Subnet is set to hide-NAT behind gateway.

Not sure what I'm missing but traffic is still going to the main default gateway and not the new one.
Can someone confirm if they were successfully able to make this work on R70?

Thanks

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
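The setup described in the thread (a new routing table, an alternate default gateway, a rule for the subnet), sketched with iproute2 as an added example that is not from any poster in the thread. The subnet, gateways, interface names and table number are constructed placeholders; the final check addresses the symptom reported above, where traffic silently keeps using the main default gateway.

```shell
#!/bin/sh
# Added example: source-based routing with iproute2 plus a check of the
# gateway the kernel would actually pick. All values below are placeholders.
SRC_NET="10.1.2.0/24"      # hypothetical internal subnet to steer
ALT_GW="203.0.113.1"       # hypothetical secondary ISP gateway
ALT_DEV="eth2"             # hypothetical interface facing that ISP
TABLE="200"                # hypothetical routing table number

# Emit the three commands: route in the new table, rule selecting it, flush.
pbr_commands() {
    echo "ip route add default via $ALT_GW dev $ALT_DEV table $TABLE"
    echo "ip rule add from $SRC_NET lookup $TABLE priority 1000"
    echo "ip route flush cache"
}

# Dry-run by default; run with APPLY=1 as root to execute the commands.
apply_pbr() {
    pbr_commands | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then $cmd; else echo "DRY-RUN: $cmd"; fi
    done
}

# Extract the next hop from one line of `ip route get` output.
next_hop() {
    set -- $1
    while [ $# -gt 1 ]; do
        [ "$1" = "via" ] && { echo "$2"; return 0; }
        shift
    done
    return 1
}

# Succeeds only when the lookup result uses the alternate gateway.
uses_alt_gw() { [ "$(next_hop "$1")" = "$ALT_GW" ]; }

# Constructed sample lines, in the format printed by e.g.
#   ip route get 198.51.100.7 from 10.1.2.50 iif eth1
GOOD="198.51.100.7 from 10.1.2.50 via 203.0.113.1 dev eth2"
BAD="198.51.100.7 from 10.1.2.50 via 192.0.2.1 dev eth0"

apply_pbr
uses_alt_gw "$BAD" || echo "WARNING: lookup still uses $(next_hop "$BAD"), not $ALT_GW"
```

A passing route lookup only shows the kernel's decision; per the thread, ISP Redundancy ignores these tables, so confirm the egress interface on the gateway itself as well.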
