03-09-2012 02:56 PM
We have an SRX650. It has a Trust Zone (users), an Untrust Zone (Internet) and an AV Zone (external AV scanner). For Trust to Untrust traffic, interface-based NAT is used.
We want all the users' http traffic (browsing) to go first to the AV Scanner and then come back to the SRX again, because the AV Scanner's gateway is the SRX, and then go to the Internet. How can I do this? Any idea? I am thinking of using PBR to send all the http traffic to the AV Scanner.
1- Should I use a routing-instance of type forwarding or virtual-router?
2- Also, when the reverse http traffic comes back, it should also pass through the AV scanner, not come directly to the users.
Attached is the diagram.
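The following is an added example of the filter-based forwarding (PBR) setup the post is asking about, not configuration from the original post or the poster's device. It assumes placeholder interfaces and addresses (ge-0/0/0.0 as the Trust interface, ge-0/0/1.0 as the AV-zone interface, 192.0.2.10 as the AV scanner, 203.0.113.1 as the Untrust next hop) and a forwarding-type routing instance, which is the usual choice for this pattern because it can share inet.0's interface routes through a rib-group.

```junos
## Added example (not the poster's configuration): send Trust-zone HTTP to the AV
## scanner first via filter-based forwarding on an SRX.
## Placeholder values: ge-0/0/0.0 = Trust, ge-0/0/1.0 = AV zone,
## 192.0.2.10 = AV scanner, 203.0.113.1 = Untrust next hop.
routing-instances {
    AV-FBF {
        instance-type forwarding;
        routing-options {
            static {
                ## everything matched by the filter is sent to the scanner
                route 0.0.0.0/0 next-hop 192.0.2.10;
            }
        }
    }
}
routing-options {
    interface-routes {
        ## share directly-connected routes with the FBF instance so the
        ## next hop 192.0.2.10 is resolvable there
        rib-group inet FBF-RIB;
    }
    rib-groups {
        FBF-RIB {
            import-rib [ inet.0 AV-FBF.inet.0 ];
        }
    }
    static {
        route 0.0.0.0/0 next-hop 203.0.113.1;
    }
}
firewall {
    family inet {
        filter HTTP-TO-AV {
            term http {
                from {
                    protocol tcp;
                    destination-port 80;
                }
                then routing-instance AV-FBF;
            }
            term default {
                ## everything else follows the normal inet.0 route to Untrust
                then accept;
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input HTTP-TO-AV;
                }
            }
        }
    }
}
security {
    policies {
        from-zone trust to-zone AV {
            policy allow-http-to-av {
                match {
                    source-address any;
                    destination-address any;
                    application junos-http;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

This fragment covers question 1 only (forwarding from Trust to the scanner); a matching AV-to-Untrust policy and the existing interface-based NAT still apply when the scanner sends the traffic back through the SRX. Question 2 depends on the scanner itself: return traffic from the Internet only passes through it if the scanner proxies or source-NATs the connections it forwards, so that replies are addressed to the scanner rather than to the user.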