gakshay
Staff
Article Id 195945
Description
This article explains how to route requests from LAN IP addresses through one of the IP addresses assigned by the ISP.

In a typical configuration, traffic is routed out through the outgoing interface (WAN).

When the ISP provides an IP address or a range of IP addresses, they can be configured as a Dynamic IP pool (dynamic SNAT) so that the traffic is routed via the Dynamic IP pool.
This configuration is useful when a mail server, a media server, or any other specific traffic needs to be routed only via the Dynamic IP pool.


Solution
Follow the steps below:

1) Create the Dynamic IP pool

In the Dynamic IP pool, only the IP address is mentioned. However, a range of IP addresses can also be specified if needed.

2) Create the IPv4 policy and bind the Dynamic IP pool



3) To check the traffic flow, run the commands below:
# dia sniffer packet any "host 8.8.8.8" 4
interfaces=[any]
filters=[host 8.8.8.8]
44.109959 port3 in 172.31.135.74 -> 8.8.8.8: icmp: echo request
44.110608 port1 out 10.5.21.101 -> 8.8.8.8: icmp: echo request
45.121066 port1 in 8.8.8.8 -> 10.5.21.101: icmp: echo reply
45.121141 port3 out 8.8.8.8 -> 172.31.135.74: icmp: echo reply

# dia sys session filter clear
# dia deb flow filter daddr 8.8.8.8
# dia deb flow trace start 100
# dia deb en


id=20085 trace_id=11232 func=fw_forward_handler line=751 msg="Allowed by Policy-1: SNAT"
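
One way to automate the check in step 3, as an added example that is not part of the original article: the Python function below parses saved sniffer output in the format shown above and reports any packet that leaves the WAN interface with a source address outside the IP pool. The function name, saving the capture as text, and the two constructed sample lines are assumptions; the interface names and addresses are those in the article's capture.

```python
import ipaddress
import re

# Verbosity-4 sniffer line: "<time> <iface> <in|out> <src>[.port] -> <dst>[.port]: ..."
LINE_RE = re.compile(
    r"^\s*[\d.]+\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

# The four packet lines shown in the article.
PAGE_CAPTURE = """\
44.109959 port3 in 172.31.135.74 -> 8.8.8.8: icmp: echo request
44.110608 port1 out 10.5.21.101 -> 8.8.8.8: icmp: echo request
45.121066 port1 in 8.8.8.8 -> 10.5.21.101: icmp: echo reply
45.121141 port3 out 8.8.8.8 -> 172.31.135.74: icmp: echo reply
"""

# Constructed lines (not from the article): a packet that leaves the WAN with
# its LAN source untranslated, and a UDP packet printed with port suffixes.
CONSTRUCTED_LEAK = "46.200000 port1 out 172.31.135.74 -> 8.8.8.8: icmp: echo request\n"
CONSTRUCTED_UDP = "47.300000 port1 out 10.5.21.101.40000 -> 8.8.8.8.53: udp 40\n"


def check_snat(capture, wan_iface, pool_start, pool_end, dest):
    """Return (translated_sources, violations) for packets sent out wan_iface to dest."""
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    if lo > hi:
        raise ValueError("pool_start must not be greater than pool_end")
    translated, violations = set(), []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or (m["iface"], m["dir"], m["dst"]) != (wan_iface, "out", dest):
            continue  # header lines, other interfaces, inbound or return traffic
        src = ipaddress.ip_address(m["src"])
        if lo <= src <= hi:
            translated.add(str(src))
        else:
            violations.append(line.strip())  # left the WAN without the pool address
    return translated, violations


if __name__ == "__main__":
    ok, bad = check_snat(PAGE_CAPTURE + CONSTRUCTED_LEAK, "port1",
                         "10.5.21.101", "10.5.21.101", "8.8.8.8")
    print("translated sources:", sorted(ok))
    print("untranslated packets:", bad)
```

An empty violations list together with a non-empty set of translated sources means every matching packet left the WAN interface with an address from the pool; any entry in the violations list points to traffic that matched a policy without the IP pool bound.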
