Wednesday, July 18, 2012

Checkpoint Port Based Routing in ISP Redundancy

It is possible to route certain outgoing connections specifically through the first ISP link when ISP Redundancy is in Load Sharing mode. To do so, edit $FWDIR/lib/table.def and change the no_misp_services_ports line to:

no_misp_services_ports = { <500, 17>, <259, 17>, <80,6>};

Each entry is a <port, IP protocol> pair. For example, <25,6> stands for SMTP (port 25) over TCP (IP protocol 6); with that entry in the list, all outgoing SMTP traffic would go through the first ISP link.
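A quick way to confirm an edited table.def pins the services you intended, as an added example that is not part of the original post or of any Check Point tooling. It assumes the definition has the single-statement form shown above; the function names are hypothetical and the sample line is the one from this post.

```python
import re

# IP protocol numbers that appear in the entries (IANA assignments).
PROTO_NAMES = {6: "tcp", 17: "udp"}

# Assumed shape: no_misp_services_ports = { <port, proto>, ... };
TABLE_RE = re.compile(r"no_misp_services_ports\s*=\s*\{(?P<body>[^}]*)\}\s*;")
ENTRY_RE = re.compile(r"<\s*(\d+)\s*,\s*(\d+)\s*>")

# Sample input: the line given in this post.
SAMPLE = "no_misp_services_ports = { <500, 17>, <259, 17>, <80,6>};"


def parse_no_misp(text):
    """Return the (port, proto) pairs of the no_misp_services_ports table."""
    match = TABLE_RE.search(text)
    if match is None:
        raise ValueError("no_misp_services_ports definition not found")
    body = match.group("body")
    entries = [(int(port), int(proto)) for port, proto in ENTRY_RE.findall(body)]
    # Anything left once well-formed entries and commas are removed is a typo.
    leftover = ENTRY_RE.sub("", body).replace(",", "").strip()
    if leftover:
        raise ValueError(f"malformed entry text: {leftover!r}")
    for port, proto in entries:
        if not 0 < port <= 65535 or not 0 <= proto <= 255:
            raise ValueError(f"out-of-range entry <{port},{proto}>")
    return entries


def describe(entries):
    """Render pairs as port/protocol strings, e.g. 80/tcp."""
    return [f"{port}/{PROTO_NAMES.get(proto, f'ip-proto-{proto}')}"
            for port, proto in entries]


def missing_entries(text, required):
    """Return the required (port, proto) pairs absent from the table."""
    present = set(parse_no_misp(text))
    return [pair for pair in required if pair not in present]


if __name__ == "__main__":
    print("Pinned to first ISP link:", ", ".join(describe(parse_no_misp(SAMPLE))))
    # Check that SMTP and HTTP are both pinned before installing policy.
    for port, proto in missing_entries(SAMPLE, [(25, 6), (80, 6)]):
        print(f"NOT pinned: <{port},{proto}>")
```

Run against the sample line, the check reports <25,6> as not pinned, since that line lists port 80 over TCP rather than port 25.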

Also, some tips:
Show the currently defined ISP links:
# cpstat fw
Test ISP Redundancy by administratively bringing the link down/up:
# fw isp_link ISP-1 down
# fw isp_link ISP-1 up

More advanced commands will be in the next release of SmartSPLAT.