Issues with Policy routing


we have the following configuration:

Internet  >>   FW1 (192.168.3.x) >> FW2 (192.168.33.x) >> Webserver (

On FW1 I setup a DNAT rule to the webserver (

On FW 2 the default gateway is NOT FW1. The default gateway is a FW3, connected to secondary interface on FW2. Currently only traffic to 192.168.3.x is routed to the network between FW1 and FW2.

Now users should be able to access the webserver via FW1 (and only from FW1). It seems that incoming traffic can reach the webserver but there is no outgoing traffic.(I think, because the default route forwards all traffic to FW3)

I thought policy routes were the way to go but it doesn't work.

How can I setup the FW2 that outgoing traffic from the webserver (only port 443) is routed to the FW1 instead of FW3?

Parents Reply Children
No Data