Hello guys,
Not too sure how to subject the question which I have.
It might be a bit complicated to explain, but I will try.
We currently have an SSG550M in our network with 2 separate internet connections. One connection is for the business; the second one is for wireless guests. We would like to keep WiFi separate so the guests who are using it won't have access to our LAN resources.
To make it simple, there are two separate subnets: one dedicated to the LAN (10.X.X.X/8) and a second for WiFi (192.168.X.X/16).
Everything works fine until someone from Guest tries to access the web site which is hosted on one of the servers or Juniper SSL boxes inside our LAN.
When pinging the website URL, DNS resolves the name to the correct public IP address, which sits on our firewall (MIP), and sends all the traffic to it.
The traceroute also looks correct.
I believe what happens is that the traffic which goes out from the WiFi Untrust interface and then comes back in via the Business Untrust interface is redirected incorrectly by the firewall's routing table: rather than sending the reply back to the Untrust WiFi IP address, it will look for a route in the routing table of the firewall and will use that route.
The question now is: is it possible to somehow change this, maybe using PBR or untrust-vr (I have never used this and am not too sure how it works)?
Thanks for all the suggestions.
Regards,
Dom