CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: Redistribute static route with higher metric into OSPF

  1. #1
    Join Date
    2015-04-15
    Posts
    2
    Rep Power
    0

    Default Redistribute static route with higher metric into OSPF

    Hello All,

    Need your expert advise here.
    I need to setup primary and backup link which in this case primary link is using OSPF routing and backup link will be configuring with static route in higher metric in the firewall and get redistribute to OSPF so that primary link is always be preferred route at all time.

    My firewall configuration where the static route was configured as below. I'm using the NGX R65 Checkpoint SPLAT.
    In order to redistribute the static route 10.225.0.0/23 with metric 150 into OSPF, I have created a new access-list and route-map as Static-Routes and Static-Metric-To-OfficeNet respectively.

    However when I read the Checkpoint SecurePlatform Advance routing suite, it stated below. I wonder my configuration below will actually work? Did anyone come across this implementation before and hope to shed some light with me.
    redistribute kernel route-map Route-Filter-To-OfficeNet
    redistribute kernel route-map Static-Metric-To-OfficeNet

    route-map name - the name of a route map to apply to these routes. Specifying this is optional.
    {0,10} - although this command can be given multiple times, it can only be given once for each of the
    configurable protocols. In other words, if a redistribute command is given for a protocol and route map,
    and then given again for the same protocol with a different route map, the second configuration overrides
    the first.

    Static route:
    route add -net 10.225.0.0 netmask 255.255.128.0 gw 161.126.62.17
    route –save

    gateD config:

    access-list Select-Routes seq 5 permit x.x.x.x 0.0.0.0
    access-list Select-Routes seq 6 permit x.x.x.x 0.0.0.0
    access-list Select-Routes seq 7 permit x.x.x.x 0.0.0.0
    access-list Select-Routes seq 8 permit x.x.x.x 0.0.0.0
    access-list Static-Routes seq 9 permit 10.225.0.0 0.0.127.255
    route-map Route-Filter-To-OfficeNet permit 10
    match ip address access-list Select-Routes
    exit
    route-map Static-Metric-To-OfficeNet permit 20
    match ip address access-list Static-Routes
    set metric 150
    set metric-type type-2
    exit
    router ospf 45
    restart-enable
    restart-type signaled
    router-id x.x.x.x
    network x.x.x.x 0.0.0.63 area 0.0.0.0
    network x.x.x.x 0.0.0.15 area 0.0.0.0
    network x.x.x.x 0.0.0.15 area 0.0.0.0
    redistribute kernel route-map Route-Filter-To-OfficeNet
    redistribute kernel route-map Static-Metric-To-OfficeNet
    exit

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,648
    Rep Power
    9

    Default Re: Redistribute static route with higher metric into OSPF

    First off a warning.. splat's dynamic routing has a VERY bad history. It can be very unstable. Using R65's would be a pretty bad idea.

  3. #3
    Join Date
    2015-04-15
    Posts
    2
    Rep Power
    0

    Default Re: Redistribute static route with higher metric into OSPF

    Hi there,

    Sorry for my typo. The actual Checkpoint version will be R70.50.
    Thanks for pointing out.

Similar Threads

  1. Redistribute Class C static routes in BGP
    By cpguy in forum Dynamic Routing
    Replies: 2
    Last Post: 2012-06-11, 16:56
  2. Replies: 2
    Last Post: 2012-03-25, 12:05
  3. Route Based VPN (with OSPF)
    By Testing-123 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 0
    Last Post: 2011-01-06, 18:19
  4. SPLAT: static route redistribution & OSPF
    By sroghen in forum Check Point SecurePlatform (SPLAT)
    Replies: 1
    Last Post: 2009-07-20, 11:48
  5. Replies: 1
    Last Post: 2007-11-01, 10:14

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •