ProxySG may send ICMP replies via multiple interfaces when there are more than 1 default gateway configured
Last Updated May 13, 2017
You have : - more than one interface configured for different IP networks - each interface has its own ip-default-gateway on its respective network - return-to-sender inbound enabled - a workstation from a remote network sends continuous ICMP PING to the first interface of the ProxySG
As there are more than 1 ip-default-gateway configured, the ProxySG will load balance through all the configured ip-default-gateways.
Note: The return-to-sender setting does not affect ICMP
If response to certain ICMP request must be done from any particular IP gateway, we can get around this by entering a static route for the source subnet via one of the SG gateways.
!- BEGIN networking interface 0:0 ;mode ip-address 192.168.101.2 255.255.255.0 <<<<< Network A exit interface 1:0 ;mode ip-address 192.168.102.2 255.255.255.0 <<<<< Network B exit ..... ip-default-gateway 192.168.101.1 1 100 <<<<< Default gateway via Network A ip-default-gateway 192.168.102.1 1 100 <<<<< Default gateway via Network B .....
When a remote workstation sends continuous ICMP PING requests to 192.168.101.2, ProxySG will send ICMP PING replies via interface 0:0 and interface 1:0. As we assigned an equal weight to both the ip-default-gateways, ProxySG will send ICMP replies via each interface alternately.
If you need ProxySG to reply via a single interface, you can add a static route to the remote workstation through a specific gateway. For example :