Internet <-> Check Point FW <-> "Link-net" <-> Fortigate 500 Cluster <-> Internet
A server running a few public services is located on a VLAN behind the FG500, but the subnet with the public addresses and NAT is located on the CP.
The packet hits CP on the public address and NAT redirects to an internal address -> this internal address is routed on the CP side to the link-net to FG500 -> the packet hits the local server correctly on the internal address behind FG500.
The problem is that the return traffic does not use the same way back; it uses the default route on FG500 and not the link-net.
Is this normal behaviour? And does anybody have some tips besides using PBR (which I know works)?
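As an added illustration (not part of the original post and not Fortinet or Check Point code), the following Python model shows why the reply leaves through the FG500's default route: a plain destination lookup only sees "source = server, destination = Internet client" and has no memory of the inbound packet arriving on the link-net. The interface names, the link-net and all addresses are constructed assumptions, and the policy-route entry is a simplified stand-in for a FortiOS policy route (incoming interface + source prefix, evaluated before the routing table).

```python
import ipaddress

# Constructed addresses (RFC 5737 / RFC 1918 ranges), not the poster's real ones.
INTERNET_CLIENT = "198.51.100.25"  # client on the Internet (assumed)
SERVER_INTERNAL = "10.10.20.5"     # server on the VLAN behind the FG500 (assumed)
LINKNET_CP_HOP = "172.16.0.1"      # Check Point's address on the link-net (assumed)
FG_DEFAULT_GW = "192.0.2.1"        # FG500's own Internet next hop (assumed)

# FG500 routing table: (prefix, next hop or None if directly connected, interface).
FG_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), FG_DEFAULT_GW, "wan1"),
    (ipaddress.ip_network("10.10.20.0/24"), None, "vlan20"),
    (ipaddress.ip_network("172.16.0.0/30"), None, "linknet"),
]

# Simplified policy route: (incoming interface, source prefix, next hop, outgoing interface).
# This is the PBR the poster mentions: replies from the server go back via the link-net.
PBR_VIA_LINKNET = [("vlan20", ipaddress.ip_network("10.10.20.5/32"), LINKNET_CP_HOP, "linknet")]


def route_lookup(dst, routes=FG_ROUTES):
    """Plain destination routing: longest-prefix match, ignoring where the packet came from."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best[2], best[1]


def forward(src, dst, in_iface, policy_routes=()):
    """FortiOS-style order: policy routes are consulted first, then the routing table."""
    s = ipaddress.ip_address(src)
    for pr_in, pr_src, gw, out_iface in policy_routes:
        if pr_in == in_iface and s in pr_src:
            return out_iface, gw
    return route_lookup(dst)


def trace_flow(policy_routes=()):
    """Egress interface chosen for the inbound packet and for the server's reply."""
    # Inbound: after the Check Point's destination NAT the packet arrives on the
    # link-net already addressed to the server's internal address.
    inbound_iface, _ = forward(INTERNET_CLIENT, SERVER_INTERNAL, "linknet", policy_routes)
    # Reply: source is the server, destination is the Internet client. The
    # destination lookup alone has no reason to prefer the link-net over wan1.
    reply_iface, _ = forward(SERVER_INTERNAL, INTERNET_CLIENT, "vlan20", policy_routes)
    return inbound_iface, reply_iface


def is_symmetric(policy_routes=()):
    """True when the reply leaves via the link-net, i.e. mirrors the inbound path."""
    inbound_iface, reply_iface = trace_flow(policy_routes)
    return inbound_iface == "vlan20" and reply_iface == "linknet"


if __name__ == "__main__":
    print("plain routing:", trace_flow())                    # ('vlan20', 'wan1')
    print("with policy route:", trace_flow(PBR_VIA_LINKNET))  # ('vlan20', 'linknet')
```

Run it as-is and the first line shows the asymmetric result the poster describes (reply on `wan1`, the default route); the second shows that only something that keys on the source or incoming interface, such as the policy route, steers the reply back through the link-net. The model is deliberately minimal: it does not simulate session tables, reverse-path checks or the Check Point's own NAT state, which is exactly why an asymmetric return path is a problem for stateful devices in practice.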