HP Procurve Query
Have a number of Layer 3 HP Procurve Switches and a Core routing Switch.
Core switch has IP Route in to forward all general traffic 0.0.0.0 to our Internet Router. So anything it can't route internally fires across to a Sonicwall.
If I put in an IP Route for a specific VLAN to forward all gateway traffic to a transparent proxy server on another VLAN and then put in a subsequent loopback to the initial VLAN will it process this rule before the general one do you think? Or will I end up having to put routes in for all the other VLANs as well and ditching the 0.0.0.0 route.
Wanted to put in an IP Route 10.20.70.254 - 10.20.30.200 and then put a route in the proxy back to the 10.20.70.x network.
Any advice greatly appreciated!
Our set up is that anything that the core switch doesn't recognize goes to our Palo, then there are a series of virtual routers in that to get the traffic back to the appropriate gateways for each VLAN.
I think you will end up with a set of rules for each thing explicitly somewhere, but not necessarily on the core routing switch. We chose to do it on the Palo as it's a lot easier to turn them off on the Palo and everything keeps working as before, as everything continues to go via 0.0.0.0; it just doesn't come back if the Palo says no.
@Junior2k The route you have set for 0.0.0.0 is used as the default gateway - i.e. if no other route exists, it will fall back to it.
Thanks for your help with this guys,
In the end put in a static route on our Sonicwall. Had major problems getting a gateway route to work on our Sonicwall, and their support, which is usually good, had to go away and try getting it to work as I wanted. Anyway, posting here because we stumbled across a way that worked perfectly whilst on the phone to Sonicwall, and even they were surprised it seemed to work perfectly.
You never know this may help someone else :-)
Sonicwall > Network > Routing
Add Route Policy
Source : Range of addresses to be handed out by DHCP
Destination : Any
Services : Setup a group for HTTP / HTTPS
Gateway : The Transparent Proxy IP
Interface : Whichever one is plugged into the LAN
Metric : 1 (makes it static)
Now that on its own doesn't do anything
Original Source - Range of addresses to be handed out by DHCP
Translated Source - Original
Original Destination - IP of Transparent Proxy
Translated Destination - Original
Original Service - Same group for HTTP / HTTPS
Translated Service - Original
Inbound Interface - LAN Interface X1 or whatever you're plugged into
Outbound Interface - Any
Now in my eyes this should do nothing as it's not translating anything, but don't ask me why, without it there the route doesn't work, simple as.
Like I said, I hope this helps someone
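An added example, not part of the thread: a Python model of why a destination-only static route table always sends internet-bound traffic to the 0.0.0.0 default, while a route policy that also matches source and service (like the one posted above) can steer one VLAN's HTTP/HTTPS to the proxy. The firewall address 192.0.2.1, the client and internet addresses, and the use of 10.20.70.0/24 as the DHCP range are assumptions; checking policy routes before the destination table is a simplification of how a firewall orders them.

```python
import ipaddress

# Constructed sample values: only 10.20.70.x and the proxy 10.20.30.200 come from the thread.
STATIC_ROUTES = [  # (destination prefix, next hop): what a plain destination route table holds
    ("0.0.0.0/0", "192.0.2.1"),        # default route to the firewall (placeholder address)
    ("10.20.30.0/24", "connected"),
    ("10.20.70.0/24", "connected"),
]
POLICY_ROUTES = [  # (source prefix, destination prefix, TCP ports, gateway)
    ("10.20.70.0/24", "0.0.0.0/0", {80, 443}, "10.20.30.200"),
]


def static_next_hop(dst):
    """Destination-only lookup: the longest matching prefix wins, source is ignored."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in STATIC_ROUTES
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def policy_next_hop(src, dst, port):
    """Policy lookup: first rule matching source, destination and service wins;
    anything unmatched falls through to the destination table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, ports, gateway in POLICY_ROUTES:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and port in ports):
            return gateway
    return static_next_hop(dst)


if __name__ == "__main__":
    for src, dst, port in [("10.20.70.25", "203.0.113.10", 443),   # client web traffic
                           ("10.20.70.25", "203.0.113.10", 53),    # client non-web traffic
                           ("10.20.30.200", "203.0.113.10", 443)]: # the proxy's own requests
        print(src, dst, port, "->", policy_next_hop(src, dst, port))
```

The third case is the one to check on a real deployment: the proxy's own outbound requests must fall outside the policy's source range, otherwise they are handed back to the proxy and loop.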