About JamesHamilton

JamesHamilton · ‎04-22-2021

Hi BPry, Yes, both connections are with the same ISP actually. Oddly when I incorrectly configured the wrong IP on a laptop I plugged directly into the CPE router it didn't work so can't understand why it does work now. I think I'll have to try out PBF and see what happens then. Thanks for your help!

JamesHamilton · ‎04-21-2021

Thank you both for your replies, most helpful. I did wonder about the routing table and whether that would need amending. I looked at PBF for another situation but the requirement went away so never got to test it out. As far as routing goes, on our single virtual router, I have the two default 0.0.0.0/0 routes for each WAN interface with their associated next hop IP address and the metric is lower for ethernet1/5, which explains why the traffic is hitting that interface along with regular internet access, despite the new NAT rule. What I didn't understand is how the server out on the internet does show the desired outbound IP hitting their firewall, despite it being the wrong IP for the wrong interface. Is it spoofing that IP somehow?? The traffic is definitely heading out of the 'wrong' interface though. Sounds like PBF may actually be the quicker and easier way forward for this? I could actually set it up for that all internet traffic from these specific internal addresses follows the alternative WAN interface. It doesn't need to be just for that one destination internet IP.

JamesHamilton · ‎04-20-2021

Afternoon all! I'm sure this is easy on our PA850 firewall but I can't figure it out. Interface setup ethernet1/1 - Internal networks - Zone LAN ethernet1/5 - Primary internet line with /27 IP range - Zone WAN ethernet1/6 - Secondary internet line with /29 IP range - Zone WAN A single virtual router for all interfaces I need to have outbound internet access from 4 internal IP addresses destined for one specific internet IP to use a specific physical WAN interface (ethernet 1/6) and associated static IP address. Our default outbound interface, associated IP address and NAT rule is currently on ethernet1/5. The aim is to dedicate the entire bandwidth of the WAN link on ethernet1/6 for replication traffic out to this one specific address, only from these 4 internal servers. I thought I had sussed it by just setting up an outbound NAT rule (above our default outbound NAT rule) as follows: Original Packet Source zone - LAN Destination Zone - WAN Destination Interface - any Source Address - The 4 internal IP addresses Destination Address - Specific internet IP address Service - any Translated Packet Source Translation - dynamic-ip-and-port, ethernet1/6 and required static IP Destination Translation - none When looking at the Session Monitor I can see the translation works and that the static IP address is in fact a WAN IP assigned to ethernet1/6 but that the egress interface is still ethernet1/5. Strangely the traffic still works but its obviously using massive bandwidth on the wrong interface? Any bright ideas or am I missing something obvious with static routes on the default virtual router? Thanks!

Member Since	‎04-20-2021 05:23 AM
Date Last Visited	‎04-27-2021 12:46 PM
Posts	3

Online Status	Offline
Date Last Visited	‎04-27-2021 12:46 PM

About JamesHamilton

Re: Traffic to one internet IP address to use specific interface and WAN IP

Re: Traffic to one internet IP address to use specific interface and WAN IP

Traffic to one internet IP address to use specific interface and WAN IP

Re: Traffic to one internet IP address to use specific interface and WAN IP

Re: Traffic to one internet IP address to use specific interface and WAN IP

Re: Traffic to one internet IP address to use specific interface and WAN IP

Re: Traffic to one internet IP address to use specific interface and WAN IP

Re: Traffic to one internet IP address to use specific interface and WAN IP

Traffic to one internet IP address to use specific interface and WAN IP