Ns5xt trust/untrust mode, routing in/out trust interface?



  • Hi All,

    Experienced a weird problem yesterday while migrating a ns5xt from work/home/untrust mode into trust/untrust mode.

    User had a specific routing entry on the same trust subnet, via the ns5xt (not ideal, but ease of maintenance on hosts side).

    After migration, each session to this subnet times out very rapidly. From debugging, a session is visible in the session table, using a policy with a very high number (believe 33000032 or similar) with a time of 2.

    Is there a way to please this user? Is the default session timeout adjustable?
    I believe this is called intra-zone-routing, but are there more commands to make this work?

    trust subnet = 192.168.0.0/24
    additional routing entry made = set route 44.137.0.0/8 gw 192.168.0.3
    So each packet to 44.137.x.x would get routed through the 5xt.

    Thanks for any tips,

    ron


 
