Hi,
we host serveral services behind the UTM. For the outgoing connection, we use a CPC 10M line with a /28 network.
We implemented the adresses in the interface list and the others in the additional interface list.
Our Problem is now, that the outgoing connections have to be use the same IP as on incoming.
Sample:
1.1.1.2:25 Mailserver incoming/outgoing (MX Records set)
1.1.1.3:21 FTP incoming/outgoing (used also for point to point transfers)
1.1.1.4:8999 Service only accessible from a special other host on the same port.
To use security, based on the host IPs, it is necessary that the server, wich hosts the service, has always the same outgoing IP as on the incoming "full NAT" additional IP.
The server on the partner side checks, if i have the right ip, wich is listed there.
If i check the multipathrules, it is only possible to bind the outgoing connection to the interface IP not the additional adresses.
On a line with only one IP, it is easy ...
How you solve such problems?
This thread was automatically locked due to age.
