Explorer

Dual ISP incoming flow

Hello,

I need to set up access to a WEB server in the DMZ from two different ISPs.

This is working fine on WEB1, where the router is the default GW.

But not from WEB2: the reply packet goes out through WEB1.

I need some help to set up policy routing to respond to the WEB2 GW if the incoming packet is coming from WEB ISP.

Thank you

Michel

0 Kudos
5 Replies
Champion

Check out the ISP Redundancy feature, which once enabled can do what you want.

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Explorer

Hello,

Thank you for your reply

I already looked at this feature here:

https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ClusterXL_AdminGuide/html_fr...

But my need is simpler: I just want to respond to queries coming in from ISP2 on ISP2, and not to the default GW that is on ISP1.

I don't like to use ISP2 for outgoing flow

Michel

Dual ISP incoming Flow.png

0 Kudos
Admin

Looks like R3 is NATting the destination from .33 to .1.
If it also translates the source IP to something on the same subnet as that private link, now you have something that won't go out the default route.
0 Kudos
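
Added example (not part of the thread, and not Check Point or PepLink code): a small longest-prefix-match model of the firewall's routing table, showing why the reply leaves through ISP1 when R3 only rewrites the destination, and why it returns to R3 when R3 also rewrites the source. Every address, route and function name below is a constructed sample value.

```python
import ipaddress

# Constructed routing table of the firewall; every address is a sample value,
# not taken from the thread (which only shows the last octets .33 and .1).
ROUTES = [
    ("0.0.0.0/0", "ISP1 default GW"),
    ("172.16.10.0/24", "DMZ, connected"),
    ("10.255.0.0/30", "private link to R3, connected"),
]
TABLE = [(ipaddress.ip_network(p), hop) for p, hop in ROUTES]


def lookup(dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in TABLE if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_egress(client_ip, r3_source_nat=None):
    """Where the firewall sends the web server's reply.

    The reply is addressed to whatever source address the firewall saw on
    the request: the real client if R3 only rewrote the destination, or
    R3's own link address if R3 also rewrote the source.
    """
    seen_source = r3_source_nat or client_ip
    return lookup(seen_source)


if __name__ == "__main__":
    client = "203.0.113.10"   # constructed Internet client arriving via ISP2
    r3_link = "10.255.0.2"    # constructed R3 address on the private link
    print("destination NAT only :", reply_egress(client))
    print("destination + source :", reply_egress(client, r3_link))
```

With source NAT in place, the firewall and web server logs show R3's address instead of the real client address.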
Explorer

Unfortunately, R3 is a PepLink device that isn't able to law about the source IP

I open a case to PepLink to see if there is a solution

Michel

 

0 Kudos
Contributor

You need to add a static route for WEB2. Please refer to the example below.

++

set static-route WEB2_IP/32 nexthop gateway address (ISP-2 gateway) priority 1 on

++

0 Kudos