Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
michel_koenig
Explorer

Dual ISP incoming flow

Hello,

I need to setup an access to a WEB server in DMZ from two different ISP

This is working fine on WEB1 where the router is the default GW

But not from WEB2, the reply packet get out by WEB1

I need some help to setup a policy routing to respond to WEB2 GW if the incoming packet is coming from WEB ISP

Thank you

Michel

0 Kudos
5 Replies
Timothy_Hall
Legend Legend
Legend

Check out the ISP Redundancy feature, which once enabled can do what you want.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
michel_koenig
Explorer

Hello,

Thank you for your reply

I already look at this feature here:

https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_fr...

But my need is more simple, just want to respond to query incoming from ISP2 on the ISP2 and not to the default GW that is on ISP1

I don't like to use ISP2 for outgoing flow

Michel

Dual ISP incoming Flow.png

0 Kudos
PhoneBoy
Admin
Admin

Looks like R3 natting the destination from .33 to .1
If it also translates the source IP to something on the same subnet as that private link, now you have something that won't go out the default route.
0 Kudos
michel_koenig
Explorer

Unfortunately, R3 is a PepLink device that isn't able to law about the source IP

I open a case to PepLink to see if there is a solution

Michel

 

0 Kudos
amdhim0004
Contributor

You need to add static route for WEB2. please refer below example/ 

++

set static-route WEB2_IP/32 nexthop gateway address (ISP-2 gateway) priority 1 on

++

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events