Routing Policy Configuration

You can configure routing policy for RIP, OSPFv2 and BGP in these ways:

Routing Policy Configuration	Configured In	Description
Inbound Route Filters	Gaia Portal Web interface for the Check Point Gaia operating system., or Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).	Define filters for routes accepted by a given routing protocol. Inbound Route filters are similar to route maps for an import policy.
Route Redistribution	Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal, or Gaia Clish	Redistribute routes learned from one routing protocol into another routing protocol. It is also useful for advertising static routes, such as the default route, or aggregate routes. Route Redistribution is similar to route maps for an export policy.
Routemaps	Gaia Clish	Control which routes are accepted and announced. Used to configure inbound route filters, outbound route filters, and to redistribute routes from one protocol to another. Route maps offer more configuration options than the Portal options. However, they are not functionally equivalent. Routemaps assigned to a protocol for import or export override corresponding filters and route redistribution rules.

Inbound Route Filters let you define which external to a routing protocol routes are accepted by that protocol.

By default, all routes, external to RIP, OSPFv2 (IPv4), and OSPFv3 (IPv6), are accepted by these protocols.

To narrow down the selection of accepted routes, you can edit the default policies and configure new policies.

When you configure Inbound Route Filters, to specify precision with which the network addresses are matched, use the same Match Type criteria rules as for route redistribution:

• The prefix and the mask length are matched exactly.

• The prefix is matched exactly, and the mask length is greater than the one specified.

  For example, if the network address 10.0.0.0/8 is specified in the filter, then any route with the prefix 10 and the mask length greater than 8 is matched, but those with the mask length of exactly 8 are not matched.

• The prefix is matched exactly, and the mask length is equal to or greater than the one specified.

  For example, if the network address 10.0.0.0/8 is specified in the filter, then any route with the prefix 10 and the mask length equal to or greater than 8 is matched.

• The prefix is matched exactly, and the mask length is within the specified range of masks. The mask range values must be equal to or greater than the network mask.

  For example, if the network address 10.0.0.0/8 and the mask range 16 to 8 are specified in the filter, then any route with the prefix 10 and the mask length between 8 and 16 is matched.

Notes: The Routemap import configuration overrides the Inbound Route Filters configuration. By default, BGP does not accept any routes. You must configure explicit policies for BGP to accept routes. BGP policy can also import IPv6, if IPv6 is enabled on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.. You can specify IPv6 prefixes in addition to IPv4 prefixes.