1

I've set up a virtual lab network in VMware with two networks: vmnet2 (192.168.100.0/24) and vmnet3 (192.168.200.0/24).

My R75 has the IP addresses 192.168.100.1 and 192.168.200.1, and is the default gateway for both of these networks.

This firewall will inspect and route packets from the 192.168.100.0/24 network to 192.168.200.0/24, and vice versa.

However, during the configuration phase of the R75, I am forced to set a default gateway. In my setup, this does not make any sense, as my lab only has two networks, and no other routers.

Is my setup too unrealistic for Check Point, or am I just missing some knowledge about the need for a default gateway?

2 Answers

1

Shouldn't matter what the default gateway is. My guess is that Check Point asks for it to determine what interface should be considered "External" for the topology configuration. Whatever lab network is less trusted is where you should point your default gateway.

If it's asking while you're installing SecurePlatform, you can probably just remove the default gateway after the install is complete within the web admin tool.

B Knight
0

There is no harm in having a default gateway; you can set it to anything (reachable). It won't be used for traffic within the two connected networks anyway.

HampusLi
  • What about the implications this setup would cause? The current setup only contains the firewall, and a client on each of the networks. Wouldn't setting a default route where there is none break the ICMP unreachable generation? – Dog eat cat world Sep 11 '11 at 09:50
  • I also discussed this with some colleagues today, and the best solution would be to set the default gateway to an IP that is unreachable (in an unknown network). This should make the router behave properly when faced with unroutable destination addresses. – Dog eat cat world Sep 12 '11 at 15:33
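
The routing decision discussed in this thread, as an added example that is not part of the original posts: a simplified longest-prefix-match model of a generic IP router (not Check Point's own logic), using the lab networks from the question. The gateway address 192.168.200.254 is a hypothetical value chosen for illustration.

```python
import ipaddress

# Constructed routing table: the two connected lab networks from the question.
CONNECTED = [
    ("192.168.100.0/24", "vmnet2", None),
    ("192.168.200.0/24", "vmnet3", None),
]
# Hypothetical default route; the next-hop address is an assumption.
DEFAULT = ("0.0.0.0/0", "vmnet3", "192.168.200.254")


def lookup(table, dst):
    """Return the most specific (longest-prefix) route for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gateway)
    return best


def forward(table, dst):
    """Describe what a router holding this table does with a packet to dst."""
    route = lookup(table, dst)
    if route is None:
        # RFC 1812: no route at all -> ICMP Destination Unreachable, code 0.
        return "drop, ICMP destination unreachable (network unreachable)"
    net, iface, gateway = route
    if gateway is None:
        return "deliver directly on %s (%s)" % (iface, net)
    return "send to gateway %s on %s (%s)" % (gateway, iface, net)


if __name__ == "__main__":
    for name, table in (("no default", CONNECTED),
                        ("with default", CONNECTED + [DEFAULT])):
        for dst in ("192.168.200.10", "10.1.1.1"):
            print("%-12s %-15s -> %s" % (name, dst, forward(table, dst)))
```

Traffic between the two /24 networks resolves to the connected routes in both tables; only the result for a destination outside them changes when the default route is present.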