I have a simple question for my Checkpoint infrastructure.

Do I have to route a net which I wanna access over a configured firewall VPN tunnel?

Explanation:

I have two firewalls connected over a VPN which have several nets behind them. I need to access a new net at the other firewall and put it in their encryption domain. Now here is the question: Do I have to route it in the operating system (SecurePlat)?

Thanks!

Fake4d

2 Answers

The only reason you would need to add a route is if the network on the remote end was not directly connected to the VPN termination on the other end. Otherwise, adding it to the encryption domain on both sides is the only thing you need to do.

In the event that you needed to put a route in, it WOULD have to be entered in on SPLAT. It's fairly easy to do via the webgui, but you can also do it via sysconfig if you ssh into the Checkpoint.

JakeRobinson

Adding to JakeRobinson's good answer: If you end up doing it via the SPLAT CLI, remember to

route --save

(Ask me how I know) There's a nice discussion of manual route management in this CPUG thread.

AndyN
  • Yah, if you add the routes manually don't forget to save. The "sysconfig" tool saves it automatically though. Here are the instructions: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk30533 – JakeRobinson Jul 23 '10 at 17:39