For details on cookie usage on our site, read our Privacy Policy
Traffic to one internet IP address to use specific interface and WAN IP
- LIVEcommunity
- Discussions
- General Topics
- Traffic to one internet IP address to use specific interface and WAN IP
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Traffic to one internet IP address to use specific interface and WAN IP
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-20-2021 05:47 AM
Afternoon all!
I'm sure this is easy on our PA850 firewall but I can't figure it out.
Interface setup
- ethernet1/1 - Internal networks - Zone LAN
- ethernet1/5 - Primary internet line with /27 IP range - Zone WAN
- ethernet1/6 - Secondary internet line with /29 IP range - Zone WAN
- A single virtual router for all interfaces
I need to have outbound internet access from 4 internal IP addresses destined for one specific internet IP to use a specific physical WAN interface (ethernet 1/6) and associated static IP address. Our default outbound interface, associated IP address and NAT rule is currently on ethernet1/5.
The aim is to dedicate the entire bandwidth of the WAN link on ethernet1/6 for replication traffic out to this one specific address, only from these 4 internal servers.
I thought I had sussed it by just setting up an outbound NAT rule (above our default outbound NAT rule) as follows:
Original Packet
- Source zone - LAN
- Destination Zone - WAN
- Destination Interface - any
- Source Address - The 4 internal IP addresses
- Destination Address - Specific internet IP address
- Service - any
Translated Packet
- Source Translation - dynamic-ip-and-port, ethernet1/6 and required static IP
- Destination Translation - none
When looking at the Session Monitor I can see the translation works and that the static IP address is in fact a WAN IP assigned to ethernet1/6 but that the egress interface is still ethernet1/5. Strangely the traffic still works but its obviously using massive bandwidth on the wrong interface?
Any bright ideas or am I missing something obvious with static routes on the default virtual router?
Thanks!
- Mark as New
- Subscribe to RSS Feed
- Permalink
04-22-2021 09:02 AM
Hi BPry,
Yes, both connections are with the same ISP actually. Oddly when I incorrectly configured the wrong IP on a laptop I plugged directly into the CPE router it didn't work so can't understand why it does work now.
I think I'll have to try out PBF and see what happens then.
Thanks for your help!
- Can you setup a S2S VPN behind your Outside (untrusted) interface on same firewall? in General Topics
- Where to see graphs of peak bandwidth usage? in Next-Generation Firewall Discussions
- Symmetric Return Details - DNAT - PBF Out or PBF In return Symmetric in General Topics
- Lacp Issues Peer Not Detected in Next-Generation Firewall Discussions
- Clear Text and Tunnel traffic same physical interface QoS in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
