reading the sk100500 I was very surprised when it described
The following features/blades are not supported with PBR:
- Locally-generated traffic
- Security Servers
- Data Loss Prevention (DLP) blade
- Anti-Spam blade
- Mail Transfer Agent (MTA) (relevant for Threat Emulation/Threat Extraction/Data Loss Prevention/Anti-Spam blades)
- ISP Redundancy
- The following applications (which use Check Point Active Streaming [CPAS]):
- VoIP (H323, SIP, Skinny, etc.)
- HTTPS Inspection
- HTTP Header Spoofing
- HTTP Proxy
- IMAP in IPS
Despite my idea where, routing feature on the gateway musn't influence the security features, at the moment I need to have a PBR on a gateway where MTA is active for the TEX blade.
In the enviroment where I'd like to implement PBR and I have MTA enabled on a R80.10 gateway, the PBR doesn't work.
Does someone face the same scenario ?
Does someone know a workaround/solution?