I've got a device with two routing-instances configured. RI A has my ISP circuit installed. RI B has my trusted traffic interfaces configured. RI B also has my loopback interface which I use for management of the device. RI A has a loopback interface which i use for internet traffic destined for my device. I have the default-address-selection configuration applied.
My question is this. I have no interface in the default routing-instance, when traffic from the device, in this case (IDP signature updates from the device destined for services.netscreen.com) where will the traffic originate from? Will the traffic originate from the loopback in RI A or RI B?
Happy to provide more information if there is not sufficient info.
The issue I am trying to solve is to do some sort of source based forwarding due to some issues with ECMP that I can't figure out. I need traffic from this device to take a specific ISP of mine rather than be load balanced.
Re: What will my source-address from this device be?
As mentioned in the KB by design the IDP signature updates are meant to be sourced from the default routing instance only.
You can use the command "set security idp security-package source-address" if you wish to use a different interface other than the fxp in the default routing-instance. However I uderstand this does not solve your requirement to have no footprint in inet.0