How many static routes can we put into the SA6500, is there any limit? We are looking for 1000+ routes.
Which interface IP would become the source IP when authentication is required from Active Directory (internal or external)?
I don't believe there is a documented upper limit to the number of static routes that can be added. However, a large number of routes may impact performance of the SA.
When connecting to any internal resource (like Active Directory), the source IP is always the Internal Port IP of the SA.
Thanks for the info regarding the static route.
Regarding the Active Directory question: the users and the Active Directory are connected on the network which is reachable from the external interface of the SA. What I believe is that it depends on the routing, that is, from where the IP of the Active Directory is reachable, and does not depend on the internal and external interface. Can you kindly confirm?
As far as I know, the SA does not make any connections from the External interface. The External Interface only receives user connections and all connections made from the SA (to Auth servers, Web/Terminal Service resources etc.) are initiated from the Internal interface of the SA.
Below is an extract from the 7.1 Admin Guide explaining this.
The internal port, also known as the internal interface, handles all LAN requests to
resources, listening for Web browsing, file browsing, authentication, and outbound mail
The external port, also known as the external interface, handles all requests from users
signed into the SA Series Appliance from outside the customer LAN, for example, from
the Internet. Before sending a packet, the SA Series Appliance determines if the packet
is associated with a TCP connection that was initiated by a user through the external
interface. If that is the case, the SA Series Appliance sends the packet to the external
interface. All other packets go to the internal interface.
Hope this helps :-)