Firewall sandwich

Hi Piotr,

regarding your question 1: The default gateway pool is required to handle outgoing connections in case your firewall sandwich is used for outgoing traffic initiated by internal users.

For your tests regarding AutoLastHop you may find the connection table "all-properties" switch useful:

tmsh show sys conn all-properties

It will show the ingress VLAN and last hop information for each connection.

Just add additional parameters to filter output on criteria as client IP or virtual server IP etc.

In my opinion it does not show all information. At least I´m missing the egress VLAN information (used by VLAN-keyed connection feature to avoid asymmetric traffic flow on serverside).

Thanks, Stephan