VLAN.20 on External interface is not reachable



johnny blaze
2010-07-07, 05:20
UTM-1 Firewall,
Have 2 ISPs on External interface defined by VLANS (thanks to simon).
VLAN.10
VLAN.20
Cisco switch ports are assigned to recognize VLANS - to ISPs, External link - to trunk.
In redundancy Tab VLAN.10 - is primary,
VLAN.20 - backup
This scheme works fine and both gates pinging well unless VLAN.10 (ISP1) is disabled.
Gates are not responding, but according to the redundancy scheme it should go through VLAN.20
Could it be a technical issue of the Check Point device, or is it better to check the routing details?

Any recommendations on the above?

Thank you,

ShadowPeak.com
2010-07-07, 09:56
Are you using Check Point's ISP Redundancy feature? Just because the VLAN.10 interface is disabled does not mean your default route will automatically switch over from VLAN.10 to VLAN.20 unless you are using dynamic routing on the firewall or the ISP Redundancy feature. If you have more than one static default route defined on your firewall, the first one listed in a netstat -rn will match all traffic and the second default route will always be ignored.
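
As an added illustration of that point (not part of ShadowPeak's post and not Check Point code), the snippet below scans a routing table in `netstat -rn` format, reports which default route the kernel will actually use and flags every later default route as shadowed. The table is constructed; the interface names eth1.10/eth1.20 and the gateway addresses are assumptions standing in for the thread's VLAN.10/VLAN.20.

```shell
# Constructed `netstat -rn` output (not captured from a real UTM-1): two
# static default routes, one per ISP VLAN. eth1.10/eth1.20 and the gateway
# addresses are assumed names and values standing in for VLAN.10/VLAN.20.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1.10
198.51.100.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1.20
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth1.10
0.0.0.0         198.51.100.1    0.0.0.0         UG        0 0          0 eth1.20'

# Print every default route (Destination and Genmask both 0.0.0.0) in table
# order as "<gateway> <interface>". Reads a routing table from stdin.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2, $NF }'
}

# The route the kernel will actually use: the first one listed.
active_default_route() {
    default_routes | awk 'NR == 1'
}

# Every later default route: it never matches while the first one exists,
# so losing ISP1 does not move traffic onto it by itself.
shadowed_default_routes() {
    default_routes | awk 'NR > 1'
}

# Human-readable report; on the firewall itself run:
#   netstat -rn | report_default_routes
report_default_routes() {
    table=$(cat)
    active=$(printf '%s\n' "$table" | active_default_route)
    if [ -z "$active" ]; then
        echo "WARNING: no default route present"
        return
    fi
    echo "active default route : $active"
    printf '%s\n' "$table" | shadowed_default_routes | while read -r gw iface; do
        echo "shadowed (never used): $gw via $iface"
    done
}

printf '%s\n' "$SAMPLE_ROUTES" | report_default_routes
```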

johnny blaze
2010-07-07, 10:21
I'm using the ISP Redundancy feature and I have defined all the details there.

Yes, I have defined 2 default routes, 1 for VLAN.10, the 2nd for VLAN.20.
How can I configure it to go via default route 2?

simon
2010-07-08, 07:04
For the archive, this is a continued thread from the post UTM-1 ISP redundancy with 1 External interface (http://www.cpug.org/forums/check-point-utm-1-appliances/13781-utm-1-isp-redundancy-1-external-interface.html#post60385).

Please look there.