Hello! I have a new ISP and want to test it, so I configured a routing instance and an additional security zone. Everything seems fine so far, but I can't switch NAT to the second ISP.
Security zone for second ISP:

    show security zones security-zone isp2
    host-inbound-traffic {
        system-services {
            ping;
            ssh;
            ike;
        }
    }
    interfaces {
        fe-0/0/4.0;
    }

Security policy for second ISP:

    show security policies from-zone trust to-zone isp2
    policy trust-to-isp2 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }

Source NAT rules:

    pool default-ip {
        address {
            62.176.7.74/32;
        }
    }
    pool MX {
        address {
            62.176.7.61/32;
        }
    }
    pool cifra1 {
        address {
            79.134.86.54/32;
        }
    }
    rule-set nsw_srcnat {
        from zone trust;
        to zone untrust;
        rule MX {
            match {
                source-address 192.168.70.253/32;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    pool {
                        MX;
                    }
                }
            }
        }
        rule isp1 {
            match {
                source-address 0.0.0.0/0;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    pool {
                        default-ip;
                    }
                }
            }
        }
    }
    inactive: rule-set isp2-nat {
        from zone trust;
        to zone isp2;
        rule ALL-NAT {
            match {
                source-address 0.0.0.0/0;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    pool {
                        cifra1;
                    }
                }
            }
        }
    }

If I switch the default rule for NAT from ISP1 to ISP2, users won't have access to the Internet. What's wrong?