Working with Source-Based Routing

Introduction

Source-based routing directs traffic to a specific destination based on the source IP address or a combination of the source and destination IP addresses.

Rules defining Source-based routing take precedence over ordinary destination-based routing rules.

This section describes how to configure sourced-based routing rules when working in a VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. environment.

The procedures for defining source-based rules are the same for Virtual Routers in both VSX Gateways and VSX Clusters.

Item

Description

 

Item

Description

1

Internet

 

8

Wrp Unnumbered interface

2

Router

 

9

Virtual Systems

3

Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server.

 

10

Internal Virtual RouterClosed Virtual Device on a VSX Gateway or VSX Cluster Member that functions as a physical router. Acronym: VR.

4

VSX GatewayClosed Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.

 

VLAN Interface

5

Switch

 

VLAN Truck

6

External Virtual Router

 

Warp link

7

wrpj

 

 

 

Defining Source-Based Routing Rules

Define Source-based Routing rules in the Topology page of the Virtual Router definition window.

To define source-based routing rules:

  1. Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. or Target Domain Management Server that manages the Virtual Router.

  2. From the Gateways & Servers view or Object Explorer, right-click the Virtual Router object and select Edit.

    The General Properties window opens.

  3. From the left navigation tree, select Topology.

  4. Click Advanced Routing.

    The Advanced Routing Rules window opens.

  5. Click Add to define a new ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.. or select an existing rule and click Edit to change it.

    The Add/Edit Route Rule window opens.

  6. Define these settings:

    • Source IP Address and Net Mask

    • Destination IP Address and Net Mask

    • Next Hop Gateway

  7. Click OK.