Hi gurus,
We are trying to implement he following scenario, on a IP350 box we have
our intenet connection where we have remote access VPNs, public
services, etc. However we are trying to implement something to speed up
our web browsing, so we are using a web proxy and we acquire a broadband
connection in order to connect it to the firewall. The bottomline is
that we would like to send the web proxy traffic to the broadband
connection while keeping the rest of the traffic to the original ISP
link. We had tested ISP redundancy on SecurePlatform and one of the
"side effects" of the feature is that we can configure ISP redundancy
(Primary/Secondary) and using manual NAT rules we could decide which
traffic goes through whick ISP link. We tried to do the same on the
IP350 box (IPSO 3.9 and NGX), but we found out that we can't even create
a static NAT on the Secondary ISP link. We could see using tcpdump the
keepalive packets to the default router, and the whole traffic when we
use load balancing ISP redundancy, but packets that are different than
hide NAT "behind the gateway" are not seeing through tcpdump eventhough
they looked accepted on SmartView Tracker.
Have anyone done something like this before?
Hope you can help us,
Regards,
_______________________________
José María Gabaldón
Network Security Engineer
email: jgabaldon AT cybertech.com DOT ve
www.cybertech.com.ve
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
