Policy Based Routing rules matching NATed source address do not work
Technical Level
Solution ID
sk101562
Product
Quantum Security Gateways
Version
R75.40 (EOL), R75.45 (EOL), R75.46 (EOL), R75.47 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R75.40VS (EOL), R77.20 (EOL), R77.30 (EOL), R80.10 (EOL)
OS
Gaia
Date Created
10-Jul-2014
Last Modified
05-Nov-2020
Symptoms
Policy Based Routing rules (sk100500) matching a NATed source address do not work when the routing decision is based on the regular routing table.
Rulebase has a PBR rule matching on a translated source address:
set pbr rule priority X match from TRANSLATED_IP/MASK
Cause
Source translation always takes place on the server side, and cannot be changed to the client side (as destination translation can).
The OS routing decision takes place before the outbound chain. Therefore, the PBR rules are matched against the original source address.
After the routing decision has been made, the packet enters the outbound chain, where it is translated.
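The ordering described above can be checked against a configuration. The following is an added example, not Check Point code and not the article's solution: it parses PBR rules in the `set pbr rule priority X match from IP/MASK` form quoted in the Symptoms and flags rules that cover only a translated source address. The NAT mapping format, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Rule form quoted in the article: set pbr rule priority X match from IP/MASK
PBR_RE = re.compile(r"^set pbr rule priority (\d+) match from (\S+)$")

# Constructed sample input (documentation address ranges, not from the article).
SAMPLE_CONFIG = """\
set pbr rule priority 10 match from 203.0.113.10/32
set pbr rule priority 20 match from 10.1.1.0/24
"""
# Hypothetical NAT mapping format: (original source network, translated address).
SAMPLE_NAT = [("10.1.1.0/24", "203.0.113.10")]


def parse_pbr_rules(config_text):
    """Return [(priority, source_network)] for 'match from' PBR rules."""
    rules = []
    for line in config_text.splitlines():
        m = PBR_RE.match(line.strip())
        if m:
            net = ipaddress.ip_network(m.group(2), strict=False)
            rules.append((int(m.group(1)), net))
    return rules


def audit(rules, nat_map):
    """Flag PBR rules that can never match because of source NAT ordering.

    Routing is decided before the outbound chain translates the source, so a
    rule is only ever compared with original addresses. A rule that covers a
    translated address but none of the originals behind it is ineffective.
    """
    findings = []
    for priority, net in rules:
        for original, translated in nat_map:
            orig_net = ipaddress.ip_network(original)
            covers_translated = ipaddress.ip_address(translated) in net
            if covers_translated and not net.overlaps(orig_net):
                findings.append((priority, str(net), translated, str(orig_net)))
    return findings


if __name__ == "__main__":
    for prio, net, nat_ip, orig in audit(parse_pbr_rules(SAMPLE_CONFIG), SAMPLE_NAT):
        print(f"priority {prio}: 'match from {net}' is the NATed address "
              f"{nat_ip}; routing sees the original source {orig}")
```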
Solution
Note: To view this solution you need to Sign In.