I have setup a lab.
If a user authenticates to a XTM25-W fw then the user are allowed to visit a website behind a M500 fw. Fine, but when I try this I get "Spoofed if/site" in M500.
So then, if I add a route in M500 to the clients ext.ip it is working ok.
(XTM trusted interface is on same trusted interface as M500)
My question, is this the way to do it?
I mean, I don´t want add routes to misc. ip´s all the time to avoid this "Spoofed ip" problem.
-turn of "Drop spoofing attacks" is one option but maybe not so good...
I have a simple drawing of the setup, not sure how to post it here (url? how?)