NGX R60, NAT and Routing question?

[nesysen]

Hi All.
I have a Nokia IP260 with Checkpoint NGX R60 installed. There're 4 interfaces on IP260. Here's my network map:
Firewall:
IP260: eth1 --- Router --- ISP1: Lease line. (Static IP)
IP260: eth2 --- modem ADSL bridge mode ---- ISP2: ADSL (Static IP)
IP260: eth3 --- DMZ (192.168.1.0/24) -- Nat to public IP via Firewall
IP260: eth4 --- LAN (10.0.0.0/24)

I want all servers in DMZ go to internet through Leaseline link and All client in LAN go to internet through ADSL line.

How do I config on Firewall?

Rgds.

[northlandboy]

Sounds like you're trying to achieve source based routing - which you can't do on a Nokia.

You can control where inbound traffic comes via your BGP advertisements, but you can have only one default route.

Looks like you need to rethink what you're trying to do.

[rayden69]

Through the use of NAT and 2 equal cost default routes you can achieve the goal you are trying to perform.


Hide 192.168.1.0/24 behind eth1 --- Router --- ISP1: Lease line. (Static IP)

and 10.0.0.0/24 behind eth2 --- modem ADSL bridge mode ---- ISP2: ADSL (Static IP)

if you want static nats for some of the DMZ you must make sure to use an IP available on the ISP1 network and provided to you from them.

If this is not clear enough please let me know and I can assist you in the creation of these rules/NATs.

[nesysen]

Thanks alot for support.
I have a static IP addresses range of ISP1 and I config static NAT for all DMZ Server via Nokia eth1 interface and go internet through Router and Leasedline.

My ADSL Line has static IP from ISP2 and I used ADSL Modem under Bridge Mode, use Nokia connect to ISP2 via PPPoE. The Static Public IP address is on Nokia eth3.
I already config LAN (10.0.0.0/24) hide nat (automatic nat) via Nokia and behide ADSL static IP address.

Every client in LAN can connected to Internet but all connection goes through Leaseline.

I don't know why?

Any one can help me?

Thanks.

[NickBrandson]

Possibly, your default gateway is pointed to Leaseline, right?
Take a look of the Xlated Source -> logs for the LAN, it should be NATed with your ADSL-ISP2, right?

Quote:

Originally Posted by nesysen

Thanks alot for support.
I have a static IP addresses range of ISP1 and I config static NAT for all DMZ Server via Nokia eth1 interface and go internet through Router and Leasedline.

My ADSL Line has static IP from ISP2 and I used ADSL Modem under Bridge Mode, use Nokia connect to ISP2 via PPPoE. The Static Public IP address is on Nokia eth3.
I already config LAN (10.0.0.0/24) hide nat (automatic nat) via Nokia and behide ADSL static IP address.

Every client in LAN can connected to Internet but all connection goes through Leaseline.

I don't know why?

Any one can help me?

Thanks.

[Steve_Martin]

U can point the firewall to the Internet router for default gateway. If the router supports policy based routing (cisco routers do), then u can redirect traffic to different gateways based on the source IP range.