04-15-2013 08:32 PM
This is two parts:
1) I configured Destination NAT rules and corresponding Security Policies to allow inbound access to servers on the private LAN. These all utilize the Primary ISP public IP address. If I want these internal servers accessible over the Secondary ISP (as we already have configured PBF failover to the secondary ISP should the primary go down), do I then have to create duplicate NAT rules and Security Policies for each, replacing the Primary ISP IP with the Secondary ISP IP? Or, is there a way to just do NATs and Security Policies to handle both ISPs in a single rule and corresponding policy?
2) With the PBF Failover, I've read about symmetric return being needed for Dual ISPs. The document "Symmetic Return.docx" gives an example, but it's Dual ISPs being NATed and Security Policy'ed to one internal server. If I have rules for several internal servers, does that mean I have to create several PBF rules enforcing symmetric return for each private server, or can I just create one PBF rule enabling symmetric return for the ISP the traffic came through on, period?