The scenario is as follows:

client ( --------- ( firewall A( ---------------
( Firewall B) ( ---------------- server(

If Client wants to connect to port 22 on Server:
1. What rule should I allow on Firewall A and Firewall B?
2. What NAT should I add on both firewalls?
3. What static route should I add? i.e. route destination mask nexthop
rowansmith Commented:
On Firewall A and Firewall B you need to add a rule:

    Service: TCP 22

Your Client needs to have a route for via

Firewall A needs to have a route for via

Firewall B needs a route to via

The netmasks depend on the size of the networks; assuming /24, all masks will be


kecoak (Author) Commented:
Firewall A needs to have a route for via

Firewall B needs a route to via

Can you explain this?
If FW-A receives a packet from client ( destined for server( it checks to see if that network is directly connected.

It isn't, so it then looks up its routing table and checks for a route to the specific network 192.168.8.x.

If it doesn't find that, then it will look for a default route to forward the packet to, which is via the default gateway.

Therefore setting the default gateway for FW-A to FW-B's IP address and vice versa would sort the problem out.

default gateway for FW-A =
default gateway for FW-B =
Question has a verified solution.
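The lookup order described in the replies above (directly connected network, then a specific route, then the default route), combined with the TCP 22 rule, as an added example that is not part of the original thread: it traces the forward and the return path across both firewalls and reports where a packet stops. The client LAN 192.168.1.0/24, the 10.0.0.0/30 transit link, the host addresses and all helper names are assumptions; only 192.168.8.x comes from the thread.

```python
import ipaddress

# Constructed addressing: only the server network 192.168.8.x appears on the
# page; the client LAN and the transit link below are assumptions.
CLIENT, SERVER = "192.168.1.10", "192.168.8.10"

def topology(fw_a_routes, fw_b_routes):
    """Per hop: connected networks, static routes {prefix: next hop}, allowed services."""
    return {
        "client": {"connected": ["192.168.1.0/24"], "routes": {"0.0.0.0/0": "FW-A"}},
        "FW-A": {"connected": ["192.168.1.0/24", "10.0.0.0/30"],
                 "routes": fw_a_routes, "allow": {("tcp", 22)}},
        "FW-B": {"connected": ["10.0.0.0/30", "192.168.8.0/24"],
                 "routes": fw_b_routes, "allow": {("tcp", 22)}},
        "server": {"connected": ["192.168.8.0/24"], "routes": {"0.0.0.0/0": "FW-B"}},
    }

def next_hop(hop, dst):
    """Directly connected first, then longest-prefix match (a default route is /0)."""
    addr = ipaddress.ip_address(dst)
    if any(addr in ipaddress.ip_network(n) for n in hop["connected"]):
        return "deliver"
    hits = [(ipaddress.ip_network(p).prefixlen, nh)
            for p, nh in hop["routes"].items() if addr in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else None

def trace(hops, start, dst, service=("tcp", 22), ttl=8):
    """Walk the path hop by hop; return (path, 'ok' or the reason it stopped).
    Pass service=None for replies, assuming stateful firewalls that admit
    return traffic of an already allowed connection."""
    path, node = [start], start
    for _ in range(ttl):
        hop = hops[node]
        if service and "allow" in hop and service not in hop["allow"]:
            return path, f"{node}: no rule for {service[0]}/{service[1]}"
        nh = next_hop(hop, dst)
        if nh is None:
            return path, f"{node}: no route to {dst}"
        if nh == "deliver":
            return path, "ok"
        path.append(nh)
        node = nh
    return path, "ttl expired (routing loop)"

if __name__ == "__main__":
    static = topology({"192.168.8.0/24": "FW-B"}, {"192.168.1.0/24": "FW-A"})
    print(trace(static, "client", SERVER))               # forward path
    print(trace(static, "server", CLIENT, service=None))  # return path
```

With each firewall's default gateway pointed at the other, the client-to-server path still resolves, but a packet for a network neither firewall knows bounces between them until its TTL runs out, which `trace` reports as a routing loop.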
