Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic
Affected version: 2.0
The 'pass out' rules such as:
pass out route-to ( em1 184.108.40.206 ) from 220.127.116.11 to !18.104.22.168/21 keep state allow-opts label "let out anything from firewall host itself"
break connectivity from the firewall itself to any networks reachable via a static route on a WAN for traffic initiated from the firewall itself.
For example, if you add a static route in the above scenario pointing 22.214.171.124/24 to 126.96.36.199, traffic initiated from the firewall to that destination will go to 188.8.131.52, not 184.108.40.206.
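A check for the condition described in this report, as an added example that is not part of the original report or of pfSense itself: it flags static routes whose firewall-initiated traffic would be caught by a `pass out route-to` rule on the same interface and sent to a different gateway. The function names, the sample addresses and the assumption that each rule's `from` address belongs to the interface named in `route-to` are constructed for illustration.

```python
import ipaddress
import re

# Rule shape quoted in the report:
#   pass out route-to ( IFACE GATEWAY ) from SRC to [!]DST ...
RULE_RE = re.compile(
    r"pass\s+out\s+route-to\s+\(\s*(?P<iface>\S+)\s+(?P<gw>\S+)\s*\)"
    r"\s+from\s+\S+\s+to\s+(?P<neg>!?)\s*(?P<dst>\S+)"
)

def rule_covers(neg, dst, network):
    """True if the rule's `to` clause matches at least one address in network."""
    if dst == "any":
        return not neg
    dst_net = ipaddress.ip_network(dst, strict=False)
    if neg:  # "to !X" matches every destination outside X
        return not network.subnet_of(dst_net)
    return network.overlaps(dst_net)

def find_overrides(pf_rules, static_routes):
    """Return (rule_line, network, static_gw, route_to_gw) per conflict.

    static_routes: (network, gateway, interface) string tuples.
    Assumption: the rule's `from` address is the address of the interface
    named in route-to, so only routes on that interface are compared.
    """
    findings = []
    for line_no, line in enumerate(pf_rules.splitlines(), 1):
        m = RULE_RE.search(line)
        if not m:
            continue
        rule_gw = ipaddress.ip_address(m["gw"])
        for net, gw, iface in static_routes:
            if iface != m["iface"] or ipaddress.ip_address(gw) == rule_gw:
                continue
            if rule_covers(bool(m["neg"]), m["dst"], ipaddress.ip_network(net)):
                findings.append((line_no, net, gw, m["gw"]))
    return findings

# Constructed sample data (documentation address ranges, not from the report).
SAMPLE_RULES = """\
pass out route-to ( em1 198.51.100.1 ) from 198.51.100.10 to !198.51.100.0/24 keep state allow-opts
pass out route-to ( em2 203.0.113.1 ) from 203.0.113.10 to !203.0.113.0/24 keep state
pass in quick on em0 from any to any keep state
"""
SAMPLE_ROUTES = [
    ("192.0.2.0/24", "198.51.100.2", "em1"),       # outside the WAN subnet
    ("198.51.100.128/25", "198.51.100.2", "em1"),  # inside it, rule does not match
]
```

Calling `find_overrides(SAMPLE_RULES, SAMPLE_ROUTES)` reports only the first route: its destination lies outside the negated WAN subnet, so the rule matches and the static gateway is bypassed.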