Working with Source-Based Routing

Important - Virtual Routers are not supported (see Known Limitation 01413513).

Source-based routing directs traffic to a specific destination based on the source IP address or a combination of the source and destination IP addresses. Rules that define source-based routing take precedence over ordinary destination-based routing rules.

This section describes how to configure source-based routing rules when working in a VSX environment. The procedures for defining source-based rules are the same for Virtual Routers in both VSX Gateways and VSX Clusters.

| Item | Description | Item | Description |
|---|---|---|---|
| 1 | Internet | 8 | Wrp Unnumbered interface |
| 2 | Router | 9 | Virtual Systems |
| 3 | Security Management Server | 10 | Internal Virtual Router |
| 4 | VSX Gateway | | VLAN Interface |
| 5 | Switch | | VLAN Trunk |
| 6 | External Virtual Router | | Warp link |
| 7 | wrpj | | |

Defining Source-Based Routing Rules

Define source-based routing rules in the Topology page of the Virtual Router definition window.

To define source-based routing rules:

  1. Open the appropriate internal Virtual Router definition and select the Topology page.

  2. Click Advanced Routing.

    The Advanced Routing Rules window opens.

    Note: The highlighted rule is based on a source and a destination address, as compared to the preceding rules, which are based on a source address only.

  3. Click Add to define a new rule, or Edit to change an existing rule.

    The Add/Edit Route Rule window opens.

    Define the properties:

Defining Source-Based Routing Rules

Use the Advanced Routing Rules window to define source-based routing rules.

To define source-based routing rules:

  1. Connect with SmartConsole to the Security Management Server or Target Domain Management Server that manages the Virtual Router.

  2. From the Gateways & Servers view or Object Explorer, right-click the Virtual Router and select Edit.

    The General Properties window opens.

  3. From the left navigation tree, select Topology.

  4. Click Advanced Routing.

    The Advanced Routing Rules window opens.

  5. Click Add to define a new rule, or Edit to change an existing rule.

    The Add/Edit Route Rule window opens.

  6. Define these settings:

    • Source IP Address and Net Mask

    • Destination IP Address and Net Mask

    • Next Hop Gateway

  7. Click OK.
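The precedence described at the start of this page, as an added Python sketch (not Check Point code): each rule carries the three settings from step 6, source-based rules are tried before the destination routing table, and a helper flags rules that an earlier rule makes unreachable. First-match list order, the function names, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class RouteRule:
    """One rule: source net, next hop gateway, optional destination net."""
    src: str
    next_hop: str
    dst: str = "0.0.0.0/0"  # source-only rule matches any destination

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def select_next_hop(src_ip, dst_ip, rules, dest_routes):
    """Try source-based rules first, then longest-prefix destination routing."""
    for rule in rules:  # ASSUMPTION: evaluated in list order, first match wins
        if rule.matches(src_ip, dst_ip):
            return rule.next_hop
    dst = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in dest_routes.items()
            if dst in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def shadowed_rules(rules):
    """Indexes of rules fully covered by an earlier rule (never reached)."""
    found = []
    for i, rule in enumerate(rules):
        src, dst = ipaddress.ip_network(rule.src), ipaddress.ip_network(rule.dst)
        if any(src.subnet_of(ipaddress.ip_network(e.src))
               and dst.subnet_of(ipaddress.ip_network(e.dst)) for e in rules[:i]):
            found.append(i)
    return found

# Constructed sample data (private and documentation address ranges).
RULES = [
    RouteRule("10.1.0.0/16", "192.0.2.1"),                   # source only
    RouteRule("10.2.0.0/16", "192.0.2.2", "172.16.5.0/24"),  # source + destination
    RouteRule("10.1.9.0/24", "192.0.2.3", "172.16.0.0/16"),  # covered by rule 0
]
DEST_ROUTES = {"0.0.0.0/0": "198.51.100.1", "172.16.0.0/16": "198.51.100.2"}

if __name__ == "__main__":
    for flow in [("10.1.9.7", "172.16.5.10"), ("10.2.3.4", "172.16.9.9")]:
        print(flow, "->", select_next_hop(*flow, RULES, DEST_ROUTES))
    print("shadowed rule indexes:", shadowed_rules(RULES))
```

Running the shadow check against an exported rule list before installing policy shows which source-based rules would silently never apply, for example a rule meant to steer one subnet to a different next hop.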