Gro_Tea
Contributor

asynchronous routing under PBR

Hello,

We experience strange routing behaviour, which I identified accidentally, so I don't know since when it occurs.

We need a bunch of PBR rules, because our Internet breakout is not the standard route due to historical developments.

The standard route is set to address a.a.a.a, which leads to interface a. Client traffic on ports 80 and 443 is routed to address b.b.b.b on interface b with PBR. Now an initiated client connection (telnet 8.8.4.4 443) should be routed to b with NAT and return on b and back to the client.

But most of the connections are routed to a with a NAT of b, which means the incoming traffic returns on interface b and back to the client, which is asynchronous. And this changes randomly, as I tested a few minutes ago. Sometimes it's a, sometimes b.

I found sk163252, which describes this behaviour, but the hotfix solving this is already installed. We have two 5600 running R80.30 with take 155 installed.

sk100500 says that there are limitations with PBR when some other blades are active, but that's hard to believe, as discussed in this thread: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/PBR-limitations/m-p/64639/highlig...

So any help is appreciated, because randomly asynchronous routing is not a basis for a stable enterprise network...

Thank you,

Frank

 

0 Kudos
10 Replies