Outgoing route for two FB

I have one FB and som incoming NAT rules.
But i have install a new FB and this FB have a IP in the network. say .3 and the older FB have .1.

Now i try to set an incoming NAT from the internet to the new FB and a NAT to internal Webserver for example.This webserver have default gateway to the old FB .1.

And the connection now come from the .3 to the webserver.

Question How can i config the trafic to go back to .3 to the new FB.
Can i set for ex source ip from trafic from the new FB for the policy and the trafic from the webserver go out true the new FB again and not to the old one.

So i can take one service at the time to the new FB semles.


  • Options

    Change the default gateway on the web server.

  • Options

    "So i can take one service at the time to the new FB semles."

    If your goal is to be as seamless as possible when replacing an old Firebox, why not use the old config on the new Firebox? You can import the old config, add the new feature key, adjust for OS Compatibility, adjust for changed number of interfaces if they differ, then just move cabling from the old one to the new one. Devices won't see anything different and you don't have to change your LAN at all.

    Gregg Hill

  • Options

    the new FB have different config than the old one. Another ISP with new IPs and Fiber connection and meny VLANs from satelit Office and so on. So i dont now if the copy configuration is the right way. Then i have en newer FB installed 370. The Older is a M200.
    But i have installd the new one and have 16 External IP and NATs to move to the new one.
    So i ask again.
    can i do it in some way so it works.

  • Options

    There is no way to have FB1 route packets from your web server to FB2 to go out the FB2 external interface. There is no source based routing capability.

    If you choose to migrate incoming services from FB1 to FB2, then you will need to change the appropriate internal server default gateway from FB1 to FB2.

  • Options

    Also, these packets are reply packets which you can't route.

  • Options

    Ok thanks for your answer. i need to do this the hard way. Thanks

Sign In to comment.