SA6500 static route entries support+Active Directory

Occasional Contributor

SA6500 static route entries support+Active Directory

How many static routes can we put into the SA6500? Is there any limit? We are looking for 1000+ routes.

Which interface IP would become the source IP when authentication is required from Active Directory (internal or external)?

5 REPLIES
Contributor

Re: SA6500 static route entries support+Active Directory

I don't believe there is a documented upper limit to the number of static routes that can be added. However, a large number of routes may impact performance of the SA.

When connecting to any internal resource (like Active Directory), the source IP is always the Internal Port IP of the SA.

Occasional Contributor

Re: SA6500 static route entries support+Active Directory

Thanks for the info regarding the static route.

Regarding the Active Directory question: the users and the Active Directory are connected on the network which is reachable from the external interface of the SA. What I believe is that it depends on the routing, that is, from where the IP of the Active Directory is reachable, and does not depend on the internal and external interface. Can you kindly confirm?

Contributor

Re: SA6500 static route entries support+Active Directory

As far as I know, the SA does not make any connections from the External interface. The External Interface only receives user connections, and all connections made from the SA (to Auth servers, Web/Terminal Service resources, etc.) are initiated from the Internal interface of the SA.

Below is an extract from the 7.1 Admin Guide explaining this.

QUOTE

The internal port, also known as the internal interface, handles all LAN requests to
resources, listening for Web browsing, file browsing, authentication, and outbound mail
requests.

The external port, also known as the external interface, handles all requests from users
signed into the SA Series Appliance from outside the customer LAN, for example, from
the Internet. Before sending a packet, the SA Series Appliance determines if the packet
is associated with a TCP connection that was initiated by a user through the external
interface. If that is the case, the SA Series Appliance sends the packet to the external
interface. All other packets go to the internal interface.

UNQUOTE

Hope this helps :-)

Occasional Contributor

Re: SA6500 static route entries support+Active Directory

Thanks, let me configure it and I will share the results.

Respected Contributor

Re: SA6500 static route entries support+Active Directory

There is no limit to the number of routes you can add.

It is not possible for authentication traffic to use the external port; it has to be off the internal.