We have a Check Point UTM-1 2050 appliance running R65.

My issue is as follows:

2 external interfaces to different ISPs.
5 external IPs per interface.
The firewall takes one of each group, leaving 4 free for static NAT.

We have 5 machines that need to be statically NATed.

So the main 4 are on the ext interface, which is also the default gateway.

The 5th is on the dmz interface, which is marked as the backup line in ISP redundancy.

Now the 5th machine can receive traffic initiated from the internet, but it can't browse the web.

Basically, traffic coming into the firewall is routed correctly back out the correct interface, but traffic initiated by the 5th machine is being routed out the default gateway with its NATed address from the other line and consequently cannot be routed back.

I can add routes to the firewall for destination based routing only from what I can see.

How do I make traffic go out the correct interface if it's initiated by a box that's NATed on the 2nd line?

I have tried this with and without ISP redundancy, and in both primary/backup and load sharing modes of ISP redundancy, and nothing works.

Now I know I can dual-home the box (add a 2nd internal IP to the box) and that would be a workaround for the issue, with one internal IP on each line... which would be the solution if we wanted true ISP redundancy, but we really want to be able to take advantage of the extra addresses the second line gives us.

Any ideas?
Is source address routing a hidden option on this box?

Thanks in advance,
Cory
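To make the routing problem in the post concrete, here is an added example that is not part of the original message and is not a Check Point configuration. It is a small Python model of the two lookups a multi-homed gateway can do: a purely destination-based table (what the poster sees) and a source-based policy rule consulted first (what the poster is asking for). The topology, addresses and static NAT mappings are constructed for illustration and use RFC 5737 documentation ranges; the internal addresses, interface names and helper names are assumptions, not values from the post.

```python
import ipaddress

# Constructed topology modelled on the post (hypothetical addresses).
# Interface "ext" faces ISP 1 and carries the default route;
# interface "dmz" faces ISP 2 and is the backup line.
PUBLIC_BLOCKS = {
    "ext": ipaddress.ip_network("203.0.113.0/29"),   # ISP 1 block (constructed)
    "dmz": ipaddress.ip_network("198.51.100.0/29"),  # ISP 2 block (constructed)
}

# Destination-based routing table: (prefix, egress interface).
ROUTES = [
    ("10.0.0.0/24", "internal"),
    ("10.0.1.0/24", "dmz_hosts"),
    ("0.0.0.0/0", "ext"),            # default gateway on ISP 1
]

# Static NAT: internal host -> public address (constructed).
STATIC_NAT = {
    "10.0.0.11": "203.0.113.2",      # four hosts on ISP 1 addresses
    "10.0.0.12": "203.0.113.3",
    "10.0.0.13": "203.0.113.4",
    "10.0.0.14": "203.0.113.5",
    "10.0.1.5": "198.51.100.2",      # the 5th host, NATed on ISP 2's block
}

# Source-based policy rule: (source prefix, egress interface).
# This is the hypothetical "source address routing" the poster wants.
SOURCE_RULES = [("10.0.1.5/32", "dmz")]


def lookup_destination(dst, routes=ROUTES):
    """Longest-prefix match over a destination-only routing table."""
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def egress_interface(src, dst, source_rules=()):
    """Policy routing: consult source rules first, then fall back to the
    destination table. With no source rules this is plain destination
    routing, which is the behaviour described in the post."""
    for prefix, iface in source_rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            return iface
    return lookup_destination(dst)


def owning_interface(public_ip):
    """Which uplink advertises the block that a public address belongs to."""
    for iface, block in PUBLIC_BLOCKS.items():
        if ipaddress.ip_address(public_ip) in block:
            return iface
    return None


def outbound_is_symmetric(src, dst, source_rules=()):
    """True when a host's outbound packet leaves on the same uplink that
    owns its NATed public address, so the reply can come back the same way.
    False reproduces the failure in the post: the packet leaves via the
    default gateway carrying a source address from the other ISP's block."""
    public = STATIC_NAT.get(src)
    if public is None:
        return False
    return egress_interface(src, dst, source_rules) == owning_interface(public)


if __name__ == "__main__":
    host5, dst = "10.0.1.5", "192.0.2.10"    # constructed internet destination
    print("destination-only:", egress_interface(host5, dst),
          "symmetric:", outbound_is_symmetric(host5, dst))
    print("with source rule:", egress_interface(host5, dst, SOURCE_RULES),
          "symmetric:", outbound_is_symmetric(host5, dst, SOURCE_RULES))
```

Running it prints that the 5th host's outbound traffic leaves via `ext` under destination-only routing, while its public address belongs to the `dmz` uplink, so the flow is asymmetric; adding the single source rule sends it out `dmz` and the check passes. The four hosts NATed on ISP 1's block are symmetric either way, which matches the post.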