Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 366 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing specified traffic from the XG to another firewall, where it's processed, and then pass it back to the XG?

Sacha Roland

I want to realize this situation:

The XG is connected to WAN and processes all traffic, but the traffic from one specified FQDN host has to be processed by another firewall (pfSense/Squid) and then finally this processed traffic should be passed back to the XG, so the XG can distribute it to the clients as if nothing happend. Sorry for not knowing the correct terms, but I hope I could describe the desired outcome.

Is this possible with the XG? What are the concepts/steps I'll have to grasp?



This thread was automatically locked due to age.
  • 0

    Sounds like asymmetrical routing? 

    Lookup for asymmetrical routing and check, if this is the wanted setup, that can be done with XG. It is not the best, but you can actually force the appliance to do so. 

  • 0

    Hi  

    It would be great if you could share traffic details from which Interface traffic is getting into XG and getting out of the XG and how another device is connected with XG and reply back the request.

    If you want to bypass the traffic from stateful inspection, you can use the command

    Logon to CLI Console via Telnet or SSH, go to option 4. Device Console. Execute:

    console> set advanced-firewall bypass-stateful-firewall-config add source_network 10.x.x.0 source_netmask 255.255.255.0 dest_network 192.168.1.0 dest_netmask 255.255.255.0 

           
    console> set advanced-firewall bypass-stateful-firewall-config add source_network 192.168.1.0 source_netmask 255.255.255.0 dest_network 10.x.x.0 dest_netmask 255.255.255.0

    show advance-firewall

    Note: 

    1. It is assumed that XG has all the routing information required to reach the remote subnet 10.x.x.0/24.
    2. If you are bypassing a specific network from the advanced firewall, Scanning and NATing will not apply to that network.