Check Point Gaia route missing after adding via ip route add problem
Well, it is actually a feature, not a bug, of all Check Point firewalls running Gaia. If you haven't noticed, as opposed to the good old SPLAT firewall platform, Gaia is selective about which routes to propagate. I guess it was done on purpose to give the administrator more control over the routing table. One of its quirks is that when you add a route via SSH the Linux way, you don't get any error, but the new route does not show anywhere, neither in Gaia nor at the Linux level. On the other hand, if you add the very same route via the Gaia GUI or in clish, it works fine. The culprit for this behavior is a setting you can change in the Gaia HTTPS GUI:
In the Gaia HTTPS GUI, go to Advanced Routing -> Routing Options, select “Kernel Routes”, then click Apply. That is it. Now if you add a route in expert mode with ip route add 22.214.171.124/24 via 192.168.13.254, the newly added static route will appear in both Gaia and the Linux OS, marked K for Kernel:
    Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
           O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
           A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
           U - Unreachable, i - Inactive

    S 0.0.0.0/0 via 192.168.211.254, eth0, cost 0, age 16426
    C 127.0.0.0/8 is directly connected, lo
    K 126.96.36.199/24 via 192.168.13.254, eth0, cost 0, age 25
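Once Kernel Routes is enabled, routes added outside the Gaia GUI or clish become visible with the K mark, so it is worth checking for them periodically. The script below is an added example, not part of the original post: it parses route output in the format shown above and reports every K route. The function names are the example's own, the sample text is constructed from the output above, and feeding it from clish -c "show route" on a gateway is an assumption.

```shell
#!/bin/sh
# Added example: report routes that Gaia marks K (Kernel) in "show route" output.
# Assumption: on a gateway the input would come from: clish -c "show route"

# kernel_routes: read "show route" text on stdin and print one line per K route
# in the form: <prefix> <gateway or -> <interface or ->
kernel_routes() {
    awk '
        # A route line is "<code> <prefix/len> ...". Legend lines such as
        # "A - Aggregate, K - Kernel Remnant" have "-" as field 2 and are skipped.
        $1 == "K" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            gw = "-"; ifc = "-"
            if ($3 == "via") {      # K <prefix> via <gw>, <if>, cost N, age N
                gw = $4; ifc = $5
            }
            sub(/,$/, "", gw); sub(/,$/, "", ifc)
            print $2, gw, ifc
        }'
}

# audit_kernel_routes: return 1 and print a report if any K route is present,
# return 0 silently otherwise (suitable for a scheduled check).
audit_kernel_routes() {
    found=$(kernel_routes)
    if [ -z "$found" ]; then
        return 0
    fi
    printf 'routes marked K (added outside Gaia GUI/clish):\n%s\n' "$found"
    return 1
}

# Constructed sample, copied from the output format shown in the post.
SAMPLE='Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
       O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
       A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
       U - Unreachable, i - Inactive

S 0.0.0.0/0 via 192.168.211.254, eth0, cost 0, age 16426
C 127.0.0.0/8 is directly connected, lo
K 126.96.36.199/24 via 192.168.13.254, eth0, cost 0, age 25'

printf '%s\n' "$SAMPLE" | kernel_routes
```

Each reported line is a route to compare against what was configured through the Gaia GUI or clish.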
When working with routes/networking on the command line make sure to read these as well:
All you need to know about networking in Checkpoint firewall SecurePlatform FAQ
Convert Checkpoint SPLAT routes into Gaia configuration commands
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.