Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 40 subscribers
  • Views 15086 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Asymmetric Routing Question

B.R.O.

So say you have Asymmetric Routing between Network-A and Network-B so you are testing the XG in bridge mode between each network which are in LAN zone.

you configure the XG to bypass-state-firewall-config add source Network-A dest_ Network-B

then configure the XG to bypass-state-firewall-config add source Network-B dest_ Network-A

 

 

Monitoring traffic from a transparent bridge right now you need NAT IPs (from internal routers on one of the networks) with alot of udp netbios traffic.  

If the firewall becomes a gateway do I have to worry about that being blocked or does the bypass-stateful rules prevent scanning of that traffic?

 

I have found that anytime you assume traffic is going to flow it doesn't.



This thread was automatically locked due to age.
  • +1

    BRO,

    asymmetric routing is blocked in both mode (bridge and routing). Firewall complains that generated traffic is not coming back so it drops the connections.

    The other option is to bridge the LAN interface with the interface that connects to MPLS network, so no bypass rules are needed. Here an example:

  • 0 in reply to lferrara

    Hi, 

    I just want to make sure that I did not get it wrong:

    You mean a solution is to bridge XGs LAN-Port (if the XG is R1 for example) and connect MR1 LAN-Port to this Bridge-Port, so that the traffic flow gets through the XG?

Unfiltered HTML