Check Point Gaia route missing after adding via ip route add problem



Well, it is actually a feature, not a bug, of all Check Point firewalls running Gaia. If you haven't noticed, as opposed to the good old SPLAT firewall platform, Gaia is selective about which routes to propagate. I guess it was done on purpose to give more control to the administrator over the routing table. One of its quirks is that when you add a route via SSH the Linux way, you don't get any error, but the new route does not show up anywhere, neither in Gaia nor at the Linux level. On the other hand, if you add the very same route via the Gaia GUI or in clish, it works fine. The culprit for this behavior is a setting you can change in the Gaia HTTPS GUI:

In the Gaia HTTPS GUI go to Advanced Routing -> Routing Options, select “Kernel Routes”, then click Apply. That is it. Now if you add a route in expert mode with ip route add 192.13.13.0/24 via 192.168.13.254, this newly added static route will appear in both Gaia and the Linux OS, marked K for Kernel:

show route

Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive
S 0.0.0.0/0 via 192.168.211.254, eth0, cost 0, age 16426
C 127.0.0.0/8 is directly connected, lo
K 192.13.13.0/24 via 192.168.13.254, eth0, cost 0, age 25
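
Routes marked K exist only because someone typed them in expert mode, so on a firewall it is worth listing them and deciding which ones belong in the Gaia configuration. The following is an added example, not part of the original post: a shell function that reads show route output and prints, for each K route, the clish set static-route command that would define the same route in Gaia. The function names are made up for this example and the sample input is the listing above.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed sample input: the 'show route' listing shown above.
sample_show_route() {
cat <<'EOF'
Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive
S 0.0.0.0/0 via 192.168.211.254, eth0, cost 0, age 16426
C 127.0.0.0/8 is directly connected, lo
K 192.13.13.0/24 via 192.168.13.254, eth0, cost 0, age 25
EOF
}

# Read 'show route' text on stdin. For every route whose code column is
# exactly "K", print the clish command that defines it as a static route.
# Legend lines never match: their first field is "Codes:", "O", "A" or "U".
kernel_routes_to_clish() {
  awk '
    $1 == "K" && $3 == "via" {
      prefix = $2
      gw = $4
      sub(/,$/, "", gw)          # strip the comma after the gateway
      # Accept only a dotted-quad prefix/length and a dotted-quad gateway,
      # so nothing unexpected ends up inside a generated command.
      ok_p = (prefix ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
      ok_g = (gw ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
      if (ok_p && ok_g)
        printf "set static-route %s nexthop gateway address %s on\n", prefix, gw
      else
        printf "skipped unparsable K line: %s\n", $0 > "/dev/stderr"
    }
  '
}

# Demonstration on the constructed sample.
sample_show_route | kernel_routes_to_clish
```

On a real gateway the input would come from saving the show route output to a file and piping it in; review the generated commands before pasting them into clish.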

When working with routes/networking on the command line make sure to read these as well:
All you need to know about networking in Checkpoint firewall SecurePlatform FAQ
Convert Checkpoint SPLAT routes into Gaia configuration commands

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on LinkedIn, GitHub, blog, and more.