So say you have asymmetric routing between Network-A and Network-B, so you are testing the XG in bridge mode between the networks, which are in the LAN zone.
You configure the XG to bypass-state-firewall-config add source Network-A dest_ Network-B
Then configure the XG to bypass-state-firewall-config add source Network-B dest_ Network-A
Monitoring traffic from a transparent bridge right now, you need NAT IPs (from internal routers on one of the networks) with a lot of UDP NetBIOS traffic.
If the firewall becomes a gateway, do I have to worry about that being blocked, or do the bypass-stateful rules prevent scanning of that traffic?
I have found that anytime you assume traffic is going to flow it doesn't.
BRO,
Asymmetric routing is blocked in both modes (bridge and routing). The firewall complains that generated traffic is not coming back, so it drops the connections.
The other option is to bridge the LAN interface with the interface that connects to the MPLS network, so no bypass rules are needed. Here is an example: