CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: R76 - VS, OSPF Routing issue

  1. #1

    Default R76 - VS, OSPF Routing issue

    We implemented R76 Gaia VS this weekend using OSPF to redistribute static routes and interface subnets for our DMZs into our campus OSPF area. We see all the routes from our campus, but campus cannot see the firewall's DMZ subnets or static routes. We are communicating with the neighbor routers but no redistribution is taking place. Why???? Any help will be appreciated.

    This worked using SPLAT on our old firewalls, all we needed to do there was under router OSPF 1, add a line redistributing kernel and direct routes. Nothing like that in GAIA.

    Thanks,
    cpguy

  2. #2

    Default Re: R76 - VS, OSPF Routing issue

    I figured out the interface subnets and how to redistribute them into OSPF. This command must be part of the OSPF configuration.

    set routemap DIRECT-2-OSPF id 10 match protocol direct

    Now I'm working on how to redist. the static routes. Half way there.

  3. #3

    Default Re: R76 - VS, OSPF Routing issue

    Figured the statics out also.... Had to add another routemap statement and define the statics plus add the following lines:

    set ospf export-routemap KERNEL-2-OSPF preference 2 on
    set routemap KERNEL-2-OSPF id 11 on
    set routemap KERNEL-2-OSPF id 11 allow
    set routemap KERNEL-2-OSPF id 11 match network x.x.x.x/24 exact
    set routemap KERNEL-2-OSPF id 11 match protocol static


    Issue resolved!!!

  4. #4

    Default Re: R76 - VS, OSPF Routing issue

    UPDATE to GAIA OSPF routing issues - with this configuration, we have been experiencing routing outages, meaning our DMZ subnets are not redistributed into OSPF for about 20 - 30 seconds every hour on the hour. Turns out that GAIA OSPF updates its routing table every hour on the hour and this is the cause of the brief outage. Now, in a somewhat large environment like the one we have, 20 - 30 seconds is a major disruption, with backups and SQL jobs running, to name a few. After Check Point researched this issue, they determined the issue is that Graceful Restart does not work. So the programmers in Israel are porting a new hotfix for us, and it's been almost 4 weeks now without the fix. As a workaround we have implemented static routes in key locations to overcome the top-of-hour missing routes. If it wasn't for this cluster being our main cluster leading to the Internet and LAN's default route to us, we would be in a world of hurt. Where are the Juniper NS5200s when you need them? From my experience they are masters at VMs and OSPF.
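
Added example (not part of the original posts and not Check Point code): a small Python audit of the routemap commands quoted in posts #2 and #3, reporting routemaps that are defined but never exported into OSPF and ids that match a whole protocol with no network filter, since those decide which firewall subnets the campus learns. The sample config is constructed, 192.0.2.0/24 is a placeholder for the elided x.x.x.x/24, and the function name `audit` and the reading of an unfiltered protocol match are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample built from the thread's commands. 192.0.2.0/24 stands in
# for the elided x.x.x.x/24; no export line for DIRECT-2-OSPF is included.
SAMPLE = """\
set ospf export-routemap KERNEL-2-OSPF preference 2 on
set routemap KERNEL-2-OSPF id 11 on
set routemap KERNEL-2-OSPF id 11 allow
set routemap KERNEL-2-OSPF id 11 match network 192.0.2.0/24 exact
set routemap KERNEL-2-OSPF id 11 match protocol static
set routemap DIRECT-2-OSPF id 10 match protocol direct
"""

# Only the command forms quoted in the thread are recognised.
EXPORT_RE = re.compile(r"^set ospf export-routemap (\S+) preference \d+ on$")
MATCH_RE = re.compile(r"^set routemap (\S+) id (\d+) match (protocol|network) (.+)$")
DEFINE_RE = re.compile(r"^set routemap (\S+) id (\d+)\b")


def audit(config):
    """Return findings about what the routemaps would advertise into OSPF."""
    exported = set()
    ids = defaultdict(lambda: {"protocol": [], "network": []})
    for line in map(str.strip, config.splitlines()):
        if m := EXPORT_RE.match(line):
            exported.add(m.group(1))
        elif m := MATCH_RE.match(line):
            ids[(m.group(1), int(m.group(2)))][m.group(3)].append(m.group(4))
        elif m := DEFINE_RE.match(line):
            ids[(m.group(1), int(m.group(2)))]  # register an id with no match yet
    defined = {name for name, _ in ids}
    findings = []
    for name in sorted(exported - defined):
        findings.append(f"{name}: exported into OSPF but no ids defined")
    for name in sorted(defined - exported):
        findings.append(f"{name}: defined but not exported into OSPF")
    for (name, rid), crit in sorted(ids.items()):
        # Assumption: a protocol match without a network match covers every
        # route of that protocol, so all such routes would be advertised.
        if crit["protocol"] and not crit["network"]:
            protos = ",".join(crit["protocol"])
            findings.append(f"{name} id {rid}: protocol {protos} with no network filter")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Feed it the routemap and OSPF lines from a saved configuration; command forms other than the ones quoted in this thread are ignored.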
