
snat multiple gateways

SNAT with multiple WAN gateways isn't working.

WAN Gateway 1 = Port3 - it's public with /27 worth of aliases

WAN Gateway 2 = Port5 - it's public with /28 worth of aliases

(IP Host) SNAT with Port3 aliases works for all of the rules I've created.

(IP Host) SNAT rules for Port5 don't work at all. They use the main Port3 address no matter what I do.

Anyone know how to fix this? I'm not doing anything exotic. Not using SD-WAN or failover... Just simple rules for in and simple rules for out.



Added TAGs
[edited by: Raphael Alganes at 9:57 AM (GMT -7) on 16 Oct 2024]
  • NAT is not doing Routing. 
    NAT will do what you tell NAT it should do. But the Routing is another story. 
    If you tell the Firewall to use a SNAT IP for a matching traffic, it will do it. 
    But if the routing decision for example is another Port, then we will SNAT the wrong IP for your Outbound Port. 


  • How does that apply to SNAT when using Multiple WANs?   

    LAN to WAN3:6

    LAN to WAN5:3

    You wrote = "If you tell the Firewall to use a SNAT IP for a matching traffic, it will do it."

    I'm finding it's not doing it when using different ports.

    My mail servers need to leave via specific IPs so headers match DNS lookups. 

    echo "           __     __         __         __     __    _______               ";
    echo ".--------.|__|.--|  |.-----.|__|.-----.|  |--.|  |_ |     __|.--.--..-----.";
    echo "|        ||  ||  _  ||     ||  ||  _  ||     ||   _||__     ||  |  ||     |";
    echo "|__|__|__||__||_____||__|__||__||___  ||__|__||____||_______||_____||__|__|";
    echo "                                |_____|                                    ";

    ~~~ I miss Port 17. Remember using telnet to get the Quote of the Day? Maybe I'll set one up for all the port scanners.  ~~~ 
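The distinction drawn in the first reply (routing picks the outbound port, NAT only rewrites the source) can be checked offline with a small audit. This is an added example, not part of the thread and not Sophos code: the addresses, the policy route and the rule names are constructed, and the routing model (first matching policy route, else default route) is an assumption.

```python
import ipaddress

# Constructed sample data using documentation ranges, not the poster's config.
WAN_PORTS = {
    "Port3": ipaddress.ip_network("198.51.100.0/27"),
    "Port5": ipaddress.ip_network("203.0.113.0/28"),
}
DEFAULT_ROUTE_PORT = "Port3"  # assumption: default route leaves via Port3

# Assumed policy routes: (source network, egress port), first match wins.
POLICY_ROUTES = [(ipaddress.ip_network("10.0.6.0/24"), "Port5")]

# Hypothetical SNAT rules: (name, internal source host, translated source IP).
SNAT_RULES = [
    ("mail-a", "10.0.5.10", "198.51.100.6"),
    ("mail-b", "10.0.5.20", "203.0.113.3"),
    ("mail-c", "10.0.6.10", "203.0.113.4"),
]

def egress_port(src, policy_routes=POLICY_ROUTES, default=DEFAULT_ROUTE_PORT):
    """Routing decision only: NAT rules play no part in choosing the port."""
    addr = ipaddress.ip_address(src)
    for net, port in policy_routes:
        if addr in net:
            return port
    return default

def owning_port(snat_ip, wan_ports=WAN_PORTS):
    """WAN port whose public subnet contains the SNAT address, or None."""
    addr = ipaddress.ip_address(snat_ip)
    for port, net in wan_ports.items():
        if addr in net:
            return port
    return None

def audit(rules=SNAT_RULES):
    """Return rules whose SNAT IP belongs to a port the traffic is not routed out of."""
    findings = []
    for name, src, snat_ip in rules:
        routed, owner = egress_port(src), owning_port(snat_ip)
        if routed != owner:
            findings.append((name, routed, owner))
    return findings

if __name__ == "__main__":
    for name, routed, owner in audit():
        print(f"{name}: routed out {routed}, but SNAT IP belongs to {owner}")
```

A finding means the rule needs a matching route for that source before the translated address can be reached by return traffic.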
