By default, the Static Route configured on ProxySG will override the Return-to-Sender Inbound functionality on ProxySG.
The Return-to-Sender Inbound functionality however will override the default gateway/route.
Example of a Scenario without Static Route
Proxy has a network interface with IP address X.X.2.2
Proxy received a SYN packet from Client with IP X.X.1.10 and MAC Address seen by Proxy as XX:XX:XX:DD:EE:FF on transparent port 80
Proxy has a Default Gateway X.X.2.1 with a MAC address XX:XX:XX:FF:FF:FF
With Return to Sender, Proxy will send a SYN-ACK to the client X.X.1.10 via XX:XX:XX:DD:EE:FF
Example of a Scenario with Static Route
Proxy has a network interface with IP address X.X.2.2
A static route entries X.X.1.0 255.255.255.0 X.X.2.254 is added into ProxySG
X.X.2.254 is resolved as BB:BB:BB:BB:BB:BB
Proxy received a SYN packet from Client with IP X.X.1.10 and MAC Address seen by Proxy as XX:XX:XX:DD:EE:FF on transparent port 80
Proxy has a Default Gateway X.X.2.1 with a MAC address XX:XX:XX:FF:FF:FF
With static route in place, Proxy will send a SYN-ACK to client X.X.1.10 the BB:BB:BB:BB:BB:BB
Overriding the Behaviour
By default, the Static Route will take precedence over the return-to-sender Inbound, to verify the current configuration:
ProxySG#show return-to-sender
Return to sender:
Inbound sessions: enabled
Outbound sessions: disabled
Overwrite static route entry: disabled
Version: 2
To make return-to-sender take precedence over the static route, the following option can be enabled via CLI:
ProxySG#conf t
Enter configuration commands, one per line. End with CTRL-Z.
ProxySG#(config)return-to-sender overwrite-static-route enable
ok
To verify the change:
ProxySG#show return-to-sender
Return to sender:
Inbound sessions: enabled
Outbound sessions: disabled
Overwrite static route entry: enabled <-- function now enabled and Return-to-Sender now overwriting static route
Version: 2