Asym routing and policies


Hi

 

If I have a TCP stream that is initiated and because of routing changes now has to flow through my PA, how do I allow this through?

On my other firewalls I can allow non-SYN and SYN/ACK through but block SYNs. How does one do that on a PA with policies?

 

Alex

16 REPLIES

No, loopback.2 is not part of the same zone.

Does zoning influence routing?

 

I will see if I can describe it again, maybe better.

 

2 PA - active active

1 trunk (LACP) into the switch ae.1

2 VLANs

213 zone ospf

217 zone app server

loopback.1 zone ospf - router ID

loopback.2 zone inf - GlobalProtect portal - HA IP but fail over, bound to primary no IP ARP load sharing

213 - no HA active IP, but active OSPF interface

217 - HA active IP, enabled OSPF but passive IP - ARP load sharing

 

This is duplicated on the PAs - pa1 and pa2 ... pa1 is the active primary and pa2 - active backup

If I have a host PC in vlan 217 that happens to use PA2, because of the algo used to share.

A packet going from the PC to GP portal goes like this

PC -> vlan 217 -> PA2 -> out via vlan 213 - because OSPF routes this way -> PA1 -> loopback.2

return path

loopback.2 -> vlan 217 because it's directly attached to vlan217.
