Estoy teniendo problemas de routing, tengo varias Policy Route configuradas y 2 routas statics. Pero las routas estaticas están siendo tomadas primero que las policy route. A qué se debe esto???
Código: Seleccionar todo
FG600B#show router policy
config router policy
edit 1
set input-device "port2"
set src 10.10.0.0 255.255.240.0
set dst 50.63.85.165 255.255.255.255
set gateway 190.80.144.209
set output-device "port18"
next
edit 2
set input-device "port2"
set src 10.10.0.0 255.255.240.0
set dst 190.80.144.210 255.255.255.255
set gateway 190.80.144.209
set output-device "port18"
next
edit 3
set input-device "port2"
set src 10.10.0.0 255.255.240.0
set dst 98.143.35.251 255.255.255.255
set gateway 190.80.144.209
set output-device "port18"
next
edit 4
set input-device "port2"
set src 10.10.0.0 255.255.240.0
set dst 192.168.255.20 255.255.255.255
set gateway 192.168.255.75
set output-device "port1"
next
end
Código: Seleccionar todo
FG600B#show router static
config router static
edit 2
set comment "Linea Primaria Internet Academico"
set device "port19"
set gateway 10.1.1.1
next
edit 4
set device "port16"
set gateway 200.42.216.1
set priority 5
next
end
Código: Seleccionar todo
FG600B # show firewall policy 24
config firewall policy
edit 24
set srcintf "port2"
set dstintf "port18"
set srcaddr "Red_10.10.0.0/20"
set dstaddr "98.143.35.251" "50.63.85.165"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set logtraffic enable
set application-list "default"
set profile-protocol-options "default"
set nat enable
next
end
Código: Seleccionar todo
FG600B3909601163 # show firewall policy 22
config firewall policy
edit 22
set srcintf "port2"
set dstintf "port19"
set srcaddr "Red_10.10.0.0/20"
set dstaddr "all"
set action accept
set schedule "always"
set service "Internet_Access"
set utm-status enable
set logtraffic enable
set webfilter-profile "Internet_CBNH"
set application-list "Academico_Ctrl_App"
set profile-protocol-options "default"
set nat enable
next
end
Código: Seleccionar todo
FG600B#execute traceroute 50.63.85.165
traceroute to 50.63.85.165 (50.63.85.165), 32 hops max, 72 byte packets
1 10.1.1.1 47.797 ms 0.911 ms 46.377 ms
2 196.3.74.198 <pri-198-b3.codetel.net.do> 44.829 ms 45.281 ms 47.918 ms
3 172.23.24.145 48.397 ms 51.308 ms 43.789 ms
4 172.23.24.105 46.012 ms 42.802 ms 43.988 ms
5 157.238.179.41 <ae-7.r05.miamfl02.us.bb.gin.ntt.net> 45.713 ms 42.380 ms 43.451 ms
6 129.250.2.128 <ae-4.r04.miamfl02.us.bb.gin.ntt.net> 42.894 ms 43.727 ms 43.439 ms
7 64.125.12.181 <ge-1-2-8.mpr1.mia1.us.above.net> 44.927 ms 42.932 ms 45.102 ms
8 64.125.30.194 <ge-1-0-0.mpr2.mia1.us.above.net> 92.310 ms 49.159 ms 50.502 ms
9 64.125.30.202 <xe-4-0-0.cr2.iah1.us.above.net> 146.972 ms 95.536 ms 106.049 ms
10 64.125.30.149 <xe-1-1-0.mpr4.phx2.us.above.net> 148.104 ms 139.085 ms 186.037 ms
11 209.66.64.6 <209.66.64.6.t01121-04.above.net> 155.039 ms 137.969 ms 140.444 ms
12 184.168.0.69 <be38.trmc0215-01.ars.mgmt.phx3.gdg> 138.093 ms 132.729 ms 139.382 ms
13 184.168.0.69 <be38.trmc0215-01.ars.mgmt.phx3.gdg> 99.505 ms 128.122 ms 123.201 ms
14 216.69.188.30 <be100.125.trmd0215-01.ars.mgmt.phx3.gdg> 128.228 ms 99.024 ms 105.026 ms
15 208.109.112.125 <ip-208-109-112-125.ip.secureserver.net> 124.918 ms 129.666 ms 125.387 ms
16 50.63.85.165 <ip-50-63-85-165.ip.secureserver.net> 133.116 ms 127.777 ms 132.857 ms
Código: Seleccionar todo
FG600B#execute traceroute 98.143.35.251
traceroute to 98.143.35.251 (98.143.35.251), 32 hops max, 72 byte packets
1 10.1.1.1 44.243 ms 4.311 ms 51.307 ms
2 196.3.74.198 <pri-198-b3.codetel.net.do> 182.804 ms * 156.206 ms
3 172.23.24.141 224.988 ms 187.607 ms 184.460 ms
4 172.23.24.105 154.298 ms 134.333 ms 131.537 ms
5 157.238.179.41 <ae-7.r05.miamfl02.us.bb.gin.ntt.net> 149.782 ms * 150.219 ms
6 * * *
7 154.54.80.53 <te9-8.ccr02.mia01.atlas.cogentco.com> 312.076 ms * *
8 * 154.54.25.74 <te0-2-0-6.mpd22.iah01.atlas.cogentco.com> 150.964 ms 185.241 ms
etc