Knowledge Search


[Archive] Passing Traffic Through Both Dual Untrust Interfaces

  [KB7376] Show Article Properties

Passing Traffic Through Both Dual Untrust Interfaces
Equal Cost Multipath Routing Session Load Sharing CX 88168

In ScreenOS 5.1.0 and higher, you can load share sessions between two untrust interfaces.  This is possible in conjunction with the new feature, Equal Cost Multipath (ECMP) routing.

In order to do this, all interface failover configurations must be unset or disabled.  Once you do this, the procedure is as follows:

  1. Create the static or default routes to go through both interfaces
  2. Specify  Maximum ECMP Routes Limit to 2
  3. Specify Static Route Preference 0
  4. Ensure Interface Failover is not enabled


Go to Network > Routing > Destination.  Click New (to add default route for one of the untrust interfaces)

In this example, we set a static default route using interface ethernet3, gateway IP  Specify a Preference of 1, and a Metric of 50

Related Links: