Hello
I've actually configured my firewall to use ISP redundancy in
the following setup.
The FW has 2 external interfaces:
Interface 1: 172.16.0.0/29 (6 Usables)
.1 = Router
.2 = FW
.3 = ServerA
Interface 2: 172.16.1.0/29 (6 Usables)
.1 = Router
.2 = FW
.3 = Server A
ServerA internal IP = 192.168.100.5
In NATTING I have:

ORIGINAL             TRANSLATED
SOURCE     DEST      SOURCE          DEST
ANY        0.3       ANY             S - 100.5
ANY        1.3       ANY             S - 100.5
100.5      ANY       H - 0.3         ANY
100.5      ANY       H - 1.3         ANY
Internal   ANY       H - Behind FW   ANY

S = Static
H = Hide
Everything works fine for every host except Server A.
The problem is that instead of NATting Server A according to
the ISP link used, it always NATs it according to the first rule.
Therefore, when using link B with NAT A, the packet never comes back.
I can of course remove both NATs and hide it behind the firewall;
however this won't work because I need outgoing packets from the server to be
identified with a UNIQUE IP.
Does anyone know if it's feasible? Or do I need to use Hide
NAT behind Gateway for all outgoing packets using the ISP link?
Thanks
ML
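To make the failure described in this post concrete, here is an added example (not code from the post, from the list, or from Check Point) that models the posted NAT table as a first-match rule list. It reproduces the asymmetry: an outbound packet from Server A leaving on link B still gets the first Hide rule (0.3), so the reply is routed to link A's router and never returns. It then shows two ways the table becomes symmetric: qualifying the outbound rules with the egress link (the `egress` field is hypothetical, not a Check Point rule column), or hiding behind the gateway address of whichever link is used. The interface names ext1/ext2, the internal range 192.168.100.0/24 and the destination 198.51.100.9 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Addresses taken from the post; interface names and the internal range are assumed.
SERVER_A = "192.168.100.5"
INTERNAL = "192.168.100.0/24"          # assumed internal network containing Server A
LINK_A_IP = "172.16.0.3"               # Server A's public address on ISP link A
LINK_B_IP = "172.16.1.3"               # Server A's public address on ISP link B
FW_ADDR = {"ext1": "172.16.0.2", "ext2": "172.16.1.2"}           # FW address per link
SUBNET_LINK = {"172.16.0.0/29": "ext1", "172.16.1.0/29": "ext2"}  # which link owns a subnet


@dataclass(frozen=True)
class NatRule:
    orig_src: str                 # "ANY", a host address, or a CIDR
    orig_dst: str
    xlate_src: Optional[str]      # None = unchanged, "GATEWAY" = hide behind egress interface
    xlate_dst: Optional[str]
    method: str                   # "S" = Static, "H" = Hide (as in the post's legend)
    egress: Optional[str] = None  # hypothetical link qualifier; None = link-agnostic


def matches(pattern: str, addr: str) -> bool:
    """'ANY' matches everything; otherwise addr must fall inside the pattern network."""
    if pattern == "ANY":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def lookup(rules: List[NatRule], src: str, dst: str, egress: str) -> Optional[NatRule]:
    """First rule whose ORIGINAL columns match wins; rules without an egress
    qualifier ignore which link the packet will leave on (the post's behaviour)."""
    for r in rules:
        if matches(r.orig_src, src) and matches(r.orig_dst, dst) and r.egress in (None, egress):
            return r
    return None


def translate(rules: List[NatRule], src: str, dst: str, egress: str) -> Tuple[str, str]:
    """Apply the winning rule and return the translated (source, destination)."""
    r = lookup(rules, src, dst, egress)
    if r is None:
        return src, dst
    if r.xlate_src is None:
        new_src = src
    elif r.xlate_src == "GATEWAY":
        new_src = FW_ADDR[egress]      # hide behind the address of the link actually used
    else:
        new_src = r.xlate_src
    new_dst = dst if r.xlate_dst is None else r.xlate_dst
    return new_src, new_dst


def link_owning(addr: str) -> Optional[str]:
    """The ISP link whose subnet contains addr is where replies to it will arrive."""
    for net, link in SUBNET_LINK.items():
        if matches(net, addr):
            return link
    return None


def outbound_is_symmetric(rules: List[NatRule], src: str, dst: str, egress: str) -> bool:
    """True when the reply to the translated source comes back on the link the packet left on."""
    new_src, _ = translate(rules, src, dst, egress)
    return link_owning(new_src) == egress


# The table as posted: outbound rules for Server A carry no link qualifier.
POSTED_RULES = [
    NatRule("ANY", LINK_A_IP, None, SERVER_A, "S"),
    NatRule("ANY", LINK_B_IP, None, SERVER_A, "S"),
    NatRule(SERVER_A, "ANY", LINK_A_IP, None, "H"),
    NatRule(SERVER_A, "ANY", LINK_B_IP, None, "H"),
    NatRule(INTERNAL, "ANY", "GATEWAY", None, "H"),
]

# Same table, but each outbound Hide rule applies only to its own link (hypothetical).
LINK_AWARE_RULES = [
    NatRule("ANY", LINK_A_IP, None, SERVER_A, "S"),
    NatRule("ANY", LINK_B_IP, None, SERVER_A, "S"),
    NatRule(SERVER_A, "ANY", LINK_A_IP, None, "H", egress="ext1"),
    NatRule(SERVER_A, "ANY", LINK_B_IP, None, "H", egress="ext2"),
    NatRule(INTERNAL, "ANY", "GATEWAY", None, "H"),
]

if __name__ == "__main__":
    dst = "198.51.100.9"  # constructed external destination
    for name, rules in (("posted", POSTED_RULES), ("link-aware", LINK_AWARE_RULES)):
        for link in ("ext1", "ext2"):
            src, _ = translate(rules, SERVER_A, dst, link)
            ok = outbound_is_symmetric(rules, SERVER_A, dst, link)
            print(f"{name:10s} via {link}: Server A -> {src:12s} reply returns on {link_owning(src)} {'OK' if ok else 'LOST'}")
```

Running it prints that the posted table is only symmetric via ext1; via ext2 the packet leaves as 172.16.0.3 and its reply arrives on ext1, which is the "never comes back" case. The link-aware rules and the Hide-behind-gateway rule (used by every other internal host) are symmetric on both links, which is why hosts other than Server A work in the posted setup.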
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================