Knowledge Search


×
 

[Archive] Passing Traffic Through Both Dual Untrust Interfaces

  [KB7376] Show Article Properties


Summary:
Passing Traffic Through Both Dual Untrust Interfaces
Symptoms:
Equal Cost Multipath Routing Session Load Sharing CX 88168
Solution:

In ScreenOS 5.1.0 and higher, you can load share sessions between two untrust interfaces.  This is possible in conjunction with the new feature, Equal Cost Multipath (ECMP) routing.

In order to do this, all interface failover configurations must be unset or disabled.  Once you do this, the procedure is as follows:

  1. Create the static or default routes to go through both interfaces
  2. Specify  Maximum ECMP Routes Limit to 2
  3. Specify Static Route Preference 0
  4. Ensure Interface Failover is not enabled

WebUI:

Go to Network > Routing > Destination.  Click New (to add default route for one of the untrust interfaces)

In this example, we set a static default route 0.0.0.0/0 using interface ethernet3, gateway IP 1.1.1.1.  Specify a Preference of 1, and a Metric of 50


Related Links: