Hello. I am trying to set up filter-based routing and can't get it working. Everything seems fine to me.
1. Applied firewall filter to interface:
show interfaces vlan unit 20
family inet {
    filter {
        input FILTER1;
    }
    address 172.17.20.1/24;
}
2. Created firewall filter:
show firewall filter FILTER1
term pod-allow {
    from {
        destination-address {
            192.168.0.0/16;
        }
    }
    then accept;
}
term mgmt-allow {
    from {
        destination-address {
            172.16.0.0/12;
        }
    }
    then accept;
}
term TERM-test {
    from {
        source-address {
            172.17.20.28/32;
        }
    }
    then {
        routing-instance rt-cifra1-test;
    }
}
term default {
    then {
        routing-instance rt-cifra1-all;
    }
}
3. Set up routing-instances:
rt-cifra1-all {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 {
                next-hop 213.167.56.133;
                qualified-next-hop 213.167.60.117 {
                    preference 100;
                }
            }
        }
    }
}
rt-cifra1-test {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 {
                next-hop 213.167.60.117;
                qualified-next-hop 213.167.56.133 {
                    preference 100;
                }
            }
        }
    }
}
rt-rcs {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 217.12.253.225;
        }
    }
}
4. Set up routing-options:
interface-routes {
    rib-group inet IMPORT-CIFRA1;
}
static {
    route 0.0.0.0/0 {
        next-hop [ 217.12.253.225 213.167.56.133 213.167.60.117 ];
        preference 20;
    }
}
rib-groups {
    IMPORT-CIFRA1 {
        import-rib [ inet.0 rt-cifra1-test.inet.0 rt-cifra1-all.inet.0 rt-rcs.inet.0 ];
    }
}
5. And source NAT:
pool cifra1-test {
    address {
        213.167.60.118/32;
    }
}
pool cifra1-all {
    address {
        213.167.56.134/32;
    }
}
rule-set rs1 {
    from zone trust;
    to zone untrust;
    rule test-cifra1 {
        match {
            source-address 172.17.20.28/32;
            destination-address 0.0.0.0/0;
        }
        then {
            source-nat {
                pool {
                    cifra1-test;
                }
            }
        }
    }
    rule r1 {
        match {
            source-address 0.0.0.0/0;
            destination-address 0.0.0.0/0;
        }
        then {
            source-nat {
                pool {
                    cifra1-all;
                }
            }
        }
    }
}
But traceroute shows that traffic goes through the 213.167.56.133 gateway instead of 213.167.60.117.
Can anyone explain to me why?
#SRX#filter-basedrouting
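The filter and routing-instance logic from the post, as an added Python model (not code from the original post or from Junos): it walks FILTER1 top-down for one packet the way Junos evaluates terms, first match wins, and then picks the default-route next-hop in the selected forwarding instance by preference. It assumes every next-hop is resolvable in each instance's table and that the traffic really enters through vlan.20 where the filter is applied.

```python
import ipaddress

# FILTER1 from the post, transcribed term by term. Junos evaluates terms top-down and
# the first term whose every 'from' condition matches decides the action.
FILTER1 = [
    ("pod-allow",  {"destination-address": ["192.168.0.0/16"]}, ("accept", None)),
    ("mgmt-allow", {"destination-address": ["172.16.0.0/12"]},  ("accept", None)),
    ("TERM-test",  {"source-address": ["172.17.20.28/32"]},     ("routing-instance", "rt-cifra1-test")),
    ("default",    {},                                           ("routing-instance", "rt-cifra1-all")),
]

# Default routes of the post's forwarding instances as (next-hop, preference):
# a plain static next-hop keeps the Junos static preference of 5, while the
# qualified-next-hop was configured with preference 100 (lower wins).
DEFAULT_ROUTE = {
    "rt-cifra1-test.inet.0": [("213.167.60.117", 5), ("213.167.56.133", 100)],
    "rt-cifra1-all.inet.0":  [("213.167.56.133", 5), ("213.167.60.117", 100)],
    "rt-rcs.inet.0":         [("217.12.253.225", 5)],
}


def _in_any(addr, prefixes):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def classify(src, dst, terms=FILTER1):
    """Return (matching term, table used for the route lookup) for one packet."""
    for name, match, (action, instance) in terms:
        want = {"source-address": src, "destination-address": dst}
        # A term with no 'from' clause (like 'default') matches everything.
        if all(_in_any(want[field], prefixes) for field, prefixes in match.items()):
            return name, "inet.0" if action == "accept" else f"{instance}.inet.0"
    return None, "discard"  # Junos implicit discard when no term matches


def expected_gateway(src, dst):
    """Gateway the posted configuration should select (assumes next-hops resolve)."""
    _, table = classify(src, dst)
    if table not in DEFAULT_ROUTE:
        return None  # accepted into inet.0 or discarded: outside this model
    return min(DEFAULT_ROUTE[table], key=lambda hop: hop[1])[0]


if __name__ == "__main__":
    # Constructed sample flows: the test host, another host in the VLAN, and a pod destination.
    for src, dst in [("172.17.20.28", "8.8.8.8"), ("172.17.20.50", "8.8.8.8"), ("172.17.20.28", "192.168.3.4")]:
        print(src, "->", dst, classify(src, dst), expected_gateway(src, dst))
```

For 172.17.20.28 to an Internet destination the model selects 213.167.60.117, so the posted filter and routes agree with the intent; a traceroute via 213.167.56.133 then points at something the posted sections do not show, such as how 213.167.60.117 resolves inside rt-cifra1-test.inet.0 or which interface the test traffic actually enters on.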