I have two WANs up and running and selected NAT and Load balancing with weighted LB. I defined a protocol binding for FTP for WAN2 but it routes through WAN1?
The default outbound policy is "block always" and i only have one policy that allows all trafic and NAT IP is set to AUTO. Why is it not working? The only way to get outgoing traffic for specific service to specific WAN port is to define an outbound policy for each and define NAT IP accordingly, for example WAN2. If I understand correct the protocol binding should work without any outbound policies?
Firmware: 4.3.3-6
Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Do you mean NAT IP = AUTO is enough or do I need to define one outbound policy for each service (but what good is protocol binding in that case if I control everything with policies)?
Kindly try to remove the protocol binding that is configured then just define an outbound policy in the firewall rules and observe. Let us check if the outbound policy will just work without configuring protocol binding on the SRX5308.
I can confirm that protocol binding is useless or not working. I have now disabled them.
Outbound policies works and is easy to define. I just have one outbound policy for ALL services that is defined to WAN1 and I only need to define the services I want for WAN2 and put them before the other policy. If that matches then it ignores the policies below and routes to WAN2 as it should.
I am glad to know that the outbound policies you have configured are working fine as per your network requirements. 🙂
I have inquired your concern to a higher tier of NETGEAR Support and I found out that once a protocol binding rule is setup it is not necessary to create an outbound rule. (My bad about my reply to you: "The outbound policy is needed to be defined for the protocol binding to work." 😞 ) If the protocol binding does not work, it is possible that its not properly configured. For example, incorrect source or destination details and the PC they test from is not included in the protocol binding rule.
It is also ok if you will just define outbound policies since you find it easy to define and its proven working on your end. If ever you still wish to try to get protocol binding to work, I suggest you to open an online case with NETGEAR Support at anytime for further assistance.
