Hi,

I am planning a firewall migration right now and trying to solve the problem that traffic comes in through two different interfaces during the migration (Internet through old firewall, Internet through new firewall). I was looking at policy based forwarding and stumbled across the "enforce symmetric return" option, which unfortunately is not very well documented. Did anyone here use this yet and can shed some light on it for me?

If I understand it correctly, with this feature I could simply attach a PBF rule with no matching criteria (well, "any any") to an interface, select the "No PBF" action, and enable the "enforce symmetric return". Then traffic for that interface would always be routed back through the interface it came in through. Is this right?

Thanks

Sascha