DH
Contributor

Management of Check Point gateways from cloud by 2nd ISP - config questions

Hi community,

I have the following challenge...

Environment:

Gaia 3.10
CP R81.20 JHF take 26

The gateway cluster is inside the internal infrastructure behind the internal core.

The default routing goes over the core to a protected internet access, managed by a 3rd party with https, URL-filtering and so on. The clients behind the Check Point have to use this internet connection (by default route).

This internet connection should not be used for the management of the gateways.

Target:

The gateways should be managed by cloud-based management over a different 2nd-ISP connection. Due to the cloud-based nature, the IP of the management is not known and may not be fixed.
On the 2nd ISP connection we have only 2 available public IPs for the 2 cluster nodes.

So I need 2 different default routes on the gateways.

The idea:

Policy-based routing...

Private cluster interfaces (external) with public IPs of the 2nd ISP on each of the gateways.

Main table (default routing) over the 2nd ISP.

A policy with matching for the internal interfaces, which uses a different table (client routing) with the internal core as next hop via a transfer network over a different interface (external, too).

The problems:

- Should it work at all?

- I do not have a cluster IP for 2nd ISP (which IP should I set as main IP in the cluster object)?

G_W_Albrecht
Legend

I would contact TAC to help sort that out - sounds rather special and restricted to me...

CCSE CCTE CCSM SMB Specialist