we experience strange routing behavoiur which I identified accedently, so I dont know since when it occurs.
We need a bunch of PBR rules, because our Internet breakout is not the standard route due to historical developments.
Standardroute is set to address a.a.a.a which leads to interface a. Clienttraffic on ports 80 and 443 is routed to address b.b.b.b on interface b with PBR. Now an initiated client connection (telnet 18.104.22.168 443) should be routed to b with NAT and return on b and back to the client.
But most of the connections are routed to a with a NAT of b, which means the incomiung traffic returns n interface b and back to te client, which is asynchronous. And this chnges randomley as I tested a few minutes ago. Sometimes its a, sometimes b.
I found sk163252 which describes this behavoiur, but the Hotfix solving this is already installed. We have two 5600 running R80.30 take 155 installed.
sk100500 says, that there are limitations wiith PBR when some other blades are active, but thats hard to believe as discussed in this thread: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/PBR-limitations/m-p/64639/highlig...
So any help is appreciated, because randomely asynchronous routing is not a basis for a stable enterprise network...