Seems I have been running in another problem related to firmware updates. Perhaps somebody is able to confirm this behavior on on V4.20(AAKZ.2)
policy routes are as follows (more for different vlans..)
1 all traffic from local subnets with destination local subnets next hop interface lan 1 without translation
2 all traffic from local subnets with destination any next hop wan1 with SNAT 192.168.x.x (IP in the subnet of the FW connected on wan1)
this has been working flawless for ages. since the update this is completely messed up. outoing traffic always arrives at the firewall with the IP of the USGs wan1 interface. even if i roll back to the previous firmware on the standby partition this is happening.
now...
if i put rules # 2 on top it works.
if i disable all policy routes in front of #2 which should be the same as putting #2 on top, the traffic arrives with the IP of the USGs wan1 interface...
this of course is driving me nuts as it messes all the firewall rules on the edge router/firewall which was based on the translated IPs provided...
↧