Traffic flow in between C to S via Firewall. How?

Hello All,

Please refer to the attached image and solve my query.

Traffic has to go from CLIENT to SERVER. The condition is that it has to go through the FIREWALL.

How would that be accomplished?

How will traffic go from client to server via the firewall?

0 Kudos
2 Replies

Looks like I get to dig out an old FAQ once again.

I actually feature this exact FAQ in my Migrate to R80.x talks as a Troy McClure slide :)

The below is adapted from: Can't Talk to Translated IP from Internal Net 

To force traffic through the Security Gateway, you need to:

  • Block direct communication between the two from the router
  • Direct the client to use an IP that routes the traffic to the Security Gateway (we'll pick in this example)
  • Create a "double NAT" rule, which will ensure the firewall stays between the two hosts.

Original Src | Original Dst | Original Svc | Xlated Src | Xlated Dst | Xlated Svc

All traffic coming from that is destined for will get hidden behind (the internal IP address of the firewall) and have a destination of (the real IP of the server).
The side effect of this is that for each connection to your "internal" server using the external IP address, you will see the network connection traverse your internal network twice:

  • Once between the "server" and the Firewall
  • Once between the firewall and the "client"

I haven't actually tried this in years, so it's possible this won't work.

But, if it's going to work, this is how you'd do it.

0 Kudos
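The "double NAT" rule from the reply above, traced for one request and reply with and without the source translation. This is an added illustration, not part of the original posts or any Check Point configuration; every address is a constructed sample value, and it assumes a reply addressed to the client's real IP is never handed back to the gateway.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions, not values from the thread).
CLIENT_NET = ip_network("10.1.1.0/24")   # Original Src: client network
CLIENT = ip_address("10.1.1.50")
SERVER = ip_address("10.1.2.20")         # Xlated Dst: real IP of the server
VIP = ip_address("192.0.2.10")           # Original Dst: IP that routes to the gateway
FW_INSIDE = ip_address("10.1.0.1")       # Xlated Src: firewall's internal IP


def translate(src, dst, hide_source):
    """Apply the NAT rule at the gateway and return (src, dst) as forwarded."""
    if src in CLIENT_NET and dst == VIP:
        # Destination is always rewritten; source only when the rule hides it.
        return (FW_INSIDE if hide_source else src, SERVER)
    return (src, dst)


def trace(hide_source):
    """Follow one request and its reply; report whether the reply returns via the gateway."""
    # Request: client -> VIP is routed to the gateway and translated there.
    src, dst = translate(CLIENT, VIP, hide_source)
    # The gateway remembers how to undo the translation for the reply.
    nat_state = {(dst, src): (VIP, CLIENT)}

    # Reply: the server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    reply_via_fw = reply_dst == FW_INSIDE
    if reply_via_fw:
        reply_src, reply_dst = nat_state[(reply_src, reply_dst)]

    # The client opened the connection to VIP, so only a reply from VIP matches.
    client_accepts = reply_src == VIP and reply_dst == CLIENT
    return {"reply_via_fw": reply_via_fw, "client_accepts": client_accepts}


if __name__ == "__main__":
    print("destination NAT only:", trace(hide_source=False))
    print("double NAT:          ", trace(hide_source=True))
```

With only the destination translated, the server sees the client's real address and the reply never returns to the gateway, so it arrives from an address the client did not connect to (or is dropped by the router block).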

Another way is to use VRFs on the router, splitting the traffic and using a trunk between the router and the Firewall. Or directly connect either of the two, or both networks, directly to the Firewall and forget the router altogether.

Regards, Maarten
0 Kudos