
How to configure Symmetric Return when using ISP Load Sharing


If my client has CP FW, two external interfaces, each connected to two ISP links (with public IP address A and B) and using ISP Load Sharing mode, and one interface connected to internal and protecting server.

For public to access the internal server, it will first resolve the domain name (assume having external DNS server to respond) to IP address A or B, ingress to Check Point FW, perform Dest-NAT to the internal server IP.

How can we configure the FW so that the return traffic from the server will follow the same inbound interface (Symmetric Return) which the session created, and perform hide NAT using the same inbound interface?

Thank you!

2 Replies

sk25152 -- Header is for failures but it's basically what you need to use to hide outgoing connections from the server according to interface it's leaving.



Hi Juan,

For my case, it is the return traffic of initially inbound traffic from public, not outgoing traffic.
It seems the KB did not mention the case for return traffic when it is leaving.
