How can I set the below on SCREEN-OS for ISG1000?
Maybe a good solution is to place outgoing interfaces in the same zone and then disable the syn-ack checking. You'll get the best of both then.
under set security flow:
tcp-session {
    no-sequence-check;
    no-syn-check;
    no-syn-check-in-tunnel;
    rst-invalidate-session;
    rst-sequence-check;
    tcp-initial-timeout seconds;
}
I think (didn't try!) when you disable syn-check you can route asymmetric. It's certainly worth a try. Works this way in ScreenOS. Of course: you're reducing security this way.
best regards,
Screenie.
JNCIA IDP EX AC DX (expired (:-)
JNCIS FW SSL ER ES
JNCI