Working with Source-Based Routing

Note - In Security Groups in Maestro and Scalable Chassis:

Introduction

Source-based routing directs traffic to a specific destination based on the source IP address or a combination of the source and destination IP addresses.

Rules defining Source-based routing take precedence over ordinary destination-based routing rules.

This section describes how to configure source-based routing rules when working in a VSX environment.

The procedures for defining source-based rules are the same for Virtual Routers in both VSX Gateways and VSX Clusters.

| Item | Description | Item | Description |
|------|-------------|------|-------------|
| 1 | Internet | 8 | Wrp Unnumbered interface |
| 2 | Router | 9 | Virtual Systems |
| 3 | Security Management Server | 10 | Internal Virtual Router |
| 4 | VSX Gateway | | VLAN Interface |
| 5 | Switch | | VLAN Trunk |
| 6 | External Virtual Router | | Warp link |
| 7 | wrpj | | |

Defining Source-Based Routing Rules

Define Source-based Routing rules in the Topology page of the Virtual Router definition window.

To define source-based routing rules:

  1. Connect with SmartConsole to the Security Management Server or Target Domain Management Server that manages the Virtual Router.

  2. From the Gateways & Servers view or Object Explorer, right-click the Virtual Router object and select Edit.

    The General Properties window opens.

  3. From the left navigation tree, select Topology.

  4. Click Advanced Routing.

    The Advanced Routing Rules window opens.

  5. Click Add to define a new rule, or select an existing rule and click Edit to change it.

    The Add/Edit Route Rule window opens.

  6. Define these settings:

    • Source IP Address and Net Mask

    • Destination IP Address and Net Mask

    • Next Hop Gateway

  7. Click OK.
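
The sketch below is an added example, not Check Point code: it models the three settings from step 6 and the precedence of source-based rules over destination-based routing, and lists the flows whose next hop a source-based rule changes. The function and field names are hypothetical, all addresses are constructed, and first-listed-match ordering among source-based rules is an assumption that the page does not specify.

```python
import ipaddress
from collections import namedtuple
# Fields mirror the Add/Edit Route Rule settings; the names are hypothetical.
SourceRule = namedtuple("SourceRule", "source destination next_hop")

def rule(src, src_mask, dst, dst_mask, next_hop):
    """Build a rule from the address / net mask pairs entered in the dialog."""
    return SourceRule(ipaddress.ip_network(f"{src}/{src_mask}"),
                      ipaddress.ip_network(f"{dst}/{dst_mask}"), next_hop)

def select_next_hop(src_ip, dst_ip, source_rules, dest_routes):
    """Return (next_hop, reason) for one flow."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    # Source-based rules are consulted first (precedence stated on the page).
    # Assumption: among them, the first listed match wins.
    for r in source_rules:
        if src in r.source and dst in r.destination:
            return r.next_hop, "source-based"
    # Otherwise ordinary destination routing: longest matching prefix.
    matches = [(net, hop) for net, hop in dest_routes if dst in net]
    if not matches:
        return None, "no route"
    return max(matches, key=lambda m: m[0].prefixlen)[1], "destination-based"

def overridden_flows(flows, source_rules, dest_routes):
    """Flows that a source-based rule sends to a different next hop than
    destination routing alone would: (src, dst, baseline_hop, actual_hop)."""
    found = []
    for src, dst in flows:
        actual, reason = select_next_hop(src, dst, source_rules, dest_routes)
        baseline, _ = select_next_hop(src, dst, [], dest_routes)
        if reason == "source-based" and actual != baseline:
            found.append((src, dst, baseline, actual))
    return found

# Constructed sample data (documentation and private address ranges).
SOURCE_RULES = [
    rule("10.1.1.0", "255.255.255.0", "0.0.0.0", "0.0.0.0", "192.0.2.1"),
    rule("10.1.0.0", "255.255.0.0", "172.16.0.0", "255.240.0.0", "192.0.2.2"),
]
DEST_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "198.51.100.1"),
    (ipaddress.ip_network("172.16.0.0/12"), "198.51.100.2"),
]
FLOWS = [("10.1.1.5", "172.16.4.4"), ("10.1.2.5", "172.16.4.4"),
         ("10.2.0.9", "172.16.4.4"), ("10.1.2.5", "203.0.113.9")]
if __name__ == "__main__":
    for src, dst, baseline, actual in overridden_flows(FLOWS, SOURCE_RULES, DEST_ROUTES):
        print(f"{src} -> {dst}: {baseline} overridden by source rule -> {actual}")
```

Running a planned rule set through a check like this before installing it shows which flows would leave through a different gateway, which helps catch a source network or net mask that is broader than intended.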