SSG5/ MIP/ 2routes Question

2 FWs: the first is internal (non-SSG5) with 1gb port speed, the 2nd is an SSG5 and is connected to the internet on eth0, 100mb.
In between is the DMZ with a server.

I have 2 Q's:

1) The server has an internal IP. To reach the webserver on it from the internet, I created a MIP on eth0 plus policy rules:
1st = source any, dest MIP, service http, allow
2nd = any any deny
The MIP is a 2nd free public IP.
That works, but outbound traffic shows the public IP of the SSG5, not the MIP.
How do I resolve that?

2) The server should also be reachable from the internal net, but what gateway to use?
I prefer the internal one (due to the higher bandwidth), but I cannot create a route to the internet; that is only used for the DMZ subnet!
So, what I did for now is: gw = 2nd FW, with a persistent route on the server to use the internal gw for 10.*
Is it wise to use a route back to the internal net on the 2nd FW, 'bandwidth wise' and 'technical wise'?
I ask this because I use another int on the SSG5 to administer the box. If I put that rule in, then I cannot access the SSG5 anymore.
So can I use two different routes to the internal net, using two gateways, one for each int?

Any advice is very welcome!
