To delete a static or persistent route in a Check Point environment via the CLI (Command Line Interface), follow these steps:
- Connect to the CLI:
  - Connect to your Check Point device using an SSH client (like PuTTY or OpenSSH) or directly via console.
- Enter Expert Mode:
  - After logging in with your normal administrative credentials, enter Expert Mode by typing
    expert
    and then entering the expert password when prompted.
- View Current Routes (Optional, but helps confirm which route to delete):
  - Use the following command to display the routing table:
    netstat -nr
  - Identify the route you want to remove.
- Delete the Route:
  - Use the following command to delete the route:
    route delete <destination_network>
  - For example, to remove a route to the 192.168.1.0/24 network, use:
    route delete 192.168.1.0/24
- Making the Change Persistent:
  - If the route was added persistently, it might be listed in the local.arp file. To ensure the route doesn't get added back after a reboot, you must edit this file.
  - Open the local.arp file using a text editor like vi:
    vi $FWDIR/boot/modules/local.arp
  - Search for the route entry, and remove or comment it out.
  - Save and exit the editor.
- Reboot (if necessary):
  - If you've made changes to the local.arp file, you may need to reboot the Check Point device to ensure changes are fully applied. Make sure to plan this, as a reboot will momentarily disrupt the network service:
    reboot
Always ensure you have backup configurations and carefully verify your changes, especially when working on critical devices like firewalls.
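
One way to verify the change before and after the delete step, as an added example that is not part of the original page: netstat -nr lists Destination and Genmask in separate columns rather than CIDR notation, so the check converts the prefix length to a mask first. The function names and the sample routing table are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether a CIDR route is present in `netstat -nr` output.
# On a device:  netstat -nr | route_present 192.168.1.0/24 && echo "still present"

# prefix_to_mask 24  ->  255.255.255.0   (exit 1 on an invalid prefix length)
prefix_to_mask() {
    awk -v p="$1" 'BEGIN {
        if (p !~ /^[0-9]+$/ || p > 32) exit 1
        for (i = 0; i < 4; i++) {
            bits = (p >= 8) ? 8 : p      # bits of this octet covered by the prefix
            p -= bits
            printf "%s%d", (i ? "." : ""), 256 - 2 ^ (8 - bits)
        }
        print ""
    }' </dev/null
}

# route_present CIDR   (reads `netstat -nr` output on stdin)
# Exit 0 if a row with that Destination and Genmask exists, 1 if not,
# 2 if the argument is not in network/prefix form.
route_present() {
    net=${1%/*}
    prefix=${1#*/}
    [ "$net" != "$1" ] || return 2
    mask=$(prefix_to_mask "$prefix") || return 2
    awk -v d="$net" -v m="$mask" \
        '$1 == d && $3 == m { found = 1 } END { exit !found }'
}

# Constructed sample of `netstat -nr` output (not captured from a real device).
sample_table() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     10.1.1.254      255.255.255.0   UG        0 0          0 eth1
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0          0 eth0
EOF
}
```

Matching on both Destination and Genmask avoids mistaking a different prefix on the same network address (for example a /25) for the route that was deleted.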