Coding Computers

How to Delete Static/Persistent Route in Checkpoint Cli

To delete a static or persistent route in a Check Point environment via the CLI (Command Line Interface), follow these steps:

  1. Connect to the CLI:
    • Connect to your Check Point device using an SSH client (like PuTTY or OpenSSH) or directly via console.
  2. Enter Expert Mode:
    • After logging in with your normal administrative credentials, enter Expert Mode by typing expert and then inputting the expert password when prompted.
  3. View Current Routes (Optional, but helps confirm which route to delete):
    • Use the following command to display the routing table:
      netstat -nr
    • Identify the route you want to remove.
  4. Delete the Route:
    • Use the following command to delete the route:
      route delete <destination_network>
    • For example, to remove a route to the network, use:
      route delete
  5. Making the Change Persistent:
    • If the route was added persistently, it might be listed in the local.arp file. To ensure the route doesn’t get added back after a reboot, you must edit this file.
    • Open the local.arp file using a text editor like vi:
      vi $FWDIR/boot/modules/local.arp
    • Search for the route entry, and remove or comment it out.
    • Save and exit the editor.
  6. Reboot (if necessary):
    • If you’ve made changes to the local.arp file, you may need to reboot the Check Point device to ensure changes are fully applied. Make sure to plan this, as a reboot will momentarily disrupt the network service:

Always ensure you have backup configurations and carefully verify your changes, especially when working on critical devices like firewalls.

Leave a Reply

Your email address will not be published. Required fields are marked *