ScreenOS Firewalls (NOT SRX)

Policy based routing issue in SSG320M

05-29-2012 09:33 AM

I have an SSG320M with 2 ISPs, ISP1 and ISP2: ISP1 for mail and ISP2 for the rest of the traffic.

For this scenario I configured one default route for my ISP2 and created a PBR for mail traffic on ISP1.

I have an internal mail server which is mapped to a public IP.

It works fine, but after 4 to 5 hours this public IP stops pinging from outside, meaning PBR stops working.

Please give me some suggestions.

4 REPLIES

Re: Policy based routing issue in SSG320M

05-29-2012 10:01 PM

Really strange issue!

A few queries regarding this:

1. When you say the public IP stops pinging from outside, I believe you mean from the Internet, correct?

2. Is this a new setup, or was it working fine earlier?

3. When you are unable to ping this public IP from outside, is the mail server also not able to communicate over the Internet?

4. Did you get a chance to capture the traffic on the firewall at the time of the issue and see anything unusual?

Moreover, this PBR config must be from internal IP to external and shouldn't be concerned with traffic from outside.


Re: Policy based routing issue in SSG320M

05-29-2012 10:41 PM

It's a new setup.

Yes, when I am unable to ping this public IP from outside, my mail server is also not able to communicate over the Internet.

But when the ping drops, I put a default route to my ISP1 and remove it at the same time, and then I get the ping. It then works fine for the next 4-5 hours, and the ping drops again.

I am attaching my config and get route output.


Re: Policy based routing issue in SSG320M

05-29-2012 10:45 PM

Please ignore the previous get route output.

Please find the correct get route output attached.


Re: Policy based routing issue in SSG320M

06-02-2012 12:46 AM

Sorry for the delayed response, I have been very busy these days...

Could you please gather the following info for me:

1. Which firmware and platform are you using?

2. At the time of the issue:

get session src-ip <IP of your mail server>

Collect one instance of the above command when everything is working fine.

3. Run debug flow basic with filters at the time of the issue and gather the output.