We currently have 23 9300 layer 3 switches, I opened a ticket with checkpoint our firewall provider and they said i had a routing issue that was preventing our cisco routers to get to the internet aside from the one at our hq that is the only one that can ping out. We have 2 vlans configured Vlan100 (allows internet) Vlan200 (no internet) we have a rule setup in our firewall to allow some of the vlan200 computers (a handful) to touch the internet to get updates etc. For some reason anything outside of the hq router cannot get ping the internet. I'm attaching the notes from my chat with the checkpoint engineer to show what troubleshooting was done.

1 Cluster on the customers network The customer has a 172.16.2.x that is working and the gateway is hide natting it The customer 172.16.36.81 is having problems with ICMP and cannot connect out Based on the ICMP from the Check Point to the server we see the connectivity From the client to the google no traffic is being shown We are going to test the new one 172.16.36.88 10.76.36.1 we are having problems using this as our default gateway for the network The interface coming in 10.76.200.36 and the vlan is 10.76.36.1 We are seeing the traffic failing either way on both ends of the Check Point Firewall No packets are seen on our end Asking the client for a diagram for the allowed traffic Reviewing the client route table I see that the Check Point Firewall is receiving pings from the internal network I want to confirm to the client where does the 8.8.8.8 traffic of the Check Point supposed to go We are seeing that traffic internal 172.16.x.1 goes to the Check Point Firewall and allowed Anything external fail will I believe its due to the routing on the cisco switches causing the impact