Hi,
Well, I have 4 zones: 3 LAN and a DMZ.
So I have to allow destination NAT for mag, which is in the DMZ, and the mail server, which is in the LAN.
All zones should egress out ISP 1 with source NAT, and when ISP 1 goes down they should egress out ISP 2.
What I didn't understand is:
1- The steps of configuration
2- In the rib-groups:
rib-groups {
    inside {
        import-rib [ inet.0 TRUST-VRF.inet.0 INSIDE.inet.0 ISP2.inet.0 ];
    }
}
What are inet.0 and inside.inet.0?
3- In the NAT source rule:
nat {
    source {
        rule-set interface-nat-out {
            from routing-instance INSIDE;
            to routing-instance [ ISP2 default ];
            rule interface-nat-out {
                match {
                    source-address 0.0.0.0/0;
                    destination-address 0.0.0.0/0;
                }
                then {
                    source-nat {
                        interface;
                    }
                }
            }
        }
    }
}
Why did he choose routing instance ISP2 default?
4- In the firewall filter:
Why did he select from the destination address, why not the source address?
firewall {
    filter isp1-in {
        term 1 {
            from {
                destination-address {
                    1.1.1.0/29;
                }
            }
            then {
                routing-instance TRUST-VRF;
            }
        }
        term 2 {
            then {
                accept;
            }
        }
    }
    filter isp2-in {
        term 1 {
            from {
                destination-address {
                    2.2.2.0/29;
                }
            }
            then {
                routing-instance TRUST-VRF;
            }
        }
        term 2 {
            then {
                accept;
            }
        }
    }
}
5- In the routing instance, the trust-vr:
I didn't understand why the route is like this:
routing-instances {
    TRUST-VRF {
        instance-type forwarding;
        routing-options {
            static {
                route 192.168.1.0/24 next-hop 192.168.1.1;
                route 10.10.10.0/24 next-hop 10.10.10.1;
            }
        }
    }
}
And why do we create an inside routing instance?
Thanks in advance for your help.