09-30-2011 12:54 PM
I'm trying to find documentation and/or any help to see if PAN firewalls are capable of NATing Two external IP's to a single host IP.
----------> Internal host 10.10.10.10
I have tried searching documentation as well as contacting support and I have not received any answers. I need to get this up quickly if possible. Any and all help is appreciated.
09-30-2011 04:13 PM
The problem you will have is the return traffic. If the DEFAULT GATEWAY is ISP1, all of traffic from ISP2 will exit ISP1. I would suggest 2 virtual routers, one for each ISP so each canhave a separate default gateway. When you NAT the traffic inbound you will need to make the packets look like the original source was the LAN interface of the VR that processed the packet. The Server will basically see traffic from only 2 IP addresses so it will respond to the correct ISP. I have not tried this but it should be possible.
10-02-2011 11:00 PM
Thank you for the response. I understand how to create a virtual router. My other questions then are:
After creating the new virtual router for each ISP, how will I get all other traffic to exit the faster ISP interface?
Also, How would I configure the scenario you suggest? Would this be with policy based forwarding? "When you NAT the traffic inbound you will need to make the packets look like the original source was the LAN interface of the VR that processed the packet. The Server will basically see traffic from only 2 IP addresses so it will respond to the correct ISP. I have not tried this but it should be possible."
Again thank you for the insight and if there is documentation for me to read and configure. I'm happy to read it. I am still new with PAN firewalls, so I might not know what the correct procedures are, but I'm willing to put the time in to learn.
10-03-2011 12:20 AM
this is very easy , we have done this even with three ISPs not just two, all you have to do is to apply policy based routing on the internet router .
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!