Hi, thanks for the reply, mpellegrino12.

About Problem 2: I will search more about IP SLA with a floating static route. Thanks for that.

About Problem 1: I was wrong about the static routing because I was thinking that basic static routes can differentiate the packets by source IP, my bad. I will reformulate the problem and answer the questions you asked me:

In the picture above, the red and the green paths are different subnets, and I want to route or block the subnets by source IP and destination IP. I will give some examples:

Subnet A: This is a subnet of guests, and if they want to pass to the servers they have to be blocked (not routed, not even to the firewall).

Subnet B: This is a subnet of users (can be TVs, cameras, etc.) where all of these users can reach a specific IP (or a specific subnet of servers), and I prefer that they do not go through the firewall, so as not to saturate the firewall and the network, because they use too many resources almost all the time.

Subnet C: This is a subnet of users where some users can reach some servers. I will manage these permissions with the firewall, but I must send these users to the firewall, which will grant or block access to the respective server. Then, if the user has access permissions, the packet will be forwarded to the switch so that it can redirect it to the respective server subnet.

My doubt is here in the switches: how can I redirect the packet by analyzing source IP and destination IP (or source subnet and destination subnet; both ways are useful) and after that, with the packets sent to the firewall, receive them again and forward them to the respective servers? Can this be done?

Note: The switches in the distribution layer will be the default gateway for all the users in the access VLAN.

Thanks for the reply.
Hi,

I have two issues with my routes on the switches in the distribution layer, and I want to know if there are some protocols that can solve those problems.

Diagram of the network

Explanation of the scenario: The arrows show the paths that 2 different endpoints (in different networks) have to take. The red path is for data which I want to analyze in the firewall for security. The green path is for some data which I want to redirect directly to the servers.

Problem 1: I know I can configure routes to redirect the packages in the distribution switch, but how can I avoid the routing loop between the distribution switch and the firewall? Is there a protocol that can save me? Or can it be done with ACLs?

Problem 2: In case my firewall goes down, obviously I will try to replace it as soon as possible, but in the meantime I don't want to lose the connectivity to the servers. I think it can be solved with an extra route by modifying the administrative distance of the second route? Or is there a better practice for making this configuration?

Note: All the routes are static.

Thanks to all and best regards,
Michael Z.