Hi Marki, Looking at your setup, everything is working as you have connected it although it may not be what you expected.
Your firewall is connected to management Vlans and it received a packet that was sourced from the management Vlan on a different interface. Therefore, the logic in the firewall blocked it. We have a firewall that works the same way...as designed by the firewall vendor. Also, the switch with a routed interface is working as designed. Not sure exactly what you are trying to do and there are several variables to consider but your logic and design needs to be tweaked a little to get the desired results. Contact GTAC, those guys are great and can help you. On Fri, Mar 7, 2014 at 10:17 AM, Marki <[email protected]> wrote: > > Hi, > > On a 7100-Series (most recent FW) and AFAICS on DFE FW7.x too: > > When at least one router interface of the 7100 is enabled, static routes > configured for the mgmt interface (see "show config router", look for > "Static routes configured on non-routed interfaces") seem to be ignored and > the router's "real" routing table seems to be used, causing asymmetric > routing and therefore anti-spoofing which is triggered in the firewall. > > See the following diagram: http://i60.tinypic.com/ve88j9.png > > Can someone confirm this behavior? > > Is it a bug or a feature? > > Thanks. > > > --- > To unsubscribe from enterasys, send email to [email protected] with the > body: unsubscribe enterasys [email protected] > -- Darrin E. Green Senior Technical Support Specialist Dallas Area Rapid Transit 1401 Pacific Avenue Dallas, Texas 75202 Ph 214-749-3173 Fax 214-749-3656 Email [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
