Static routes on WAN interfaces overridden by route-to for firewall-initiated traffic
Rules / NAT
The 'pass out' rules such as:
pass out route-to ( em1 220.127.116.11 ) from 18.104.22.168 to !22.214.171.124/21 keep state allow-opts label "let out anything from firewall host itself"
break connectivity from the firewall itself to any networks reachable via a static route on a WAN for traffic initiated from the firewall itself.
For example, if you add a static route in the above scenario pointing 126.96.36.199/24 to 188.8.131.52, traffic initiated from the firewall to that destination will go to 184.108.40.206, not 220.127.116.11.
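The audit below is an added example, not code from this report or from the project: it parses a rule of the shape quoted above and lists the static routes whose gateway would be bypassed by its route-to. The addresses are constructed RFC 5737 documentation values, the function names are hypothetical, and only the rule's destination is compared (the source is assumed to be the firewall itself).

```python
import ipaddress
import re

# Constructed sample data (RFC 5737 addresses), not taken from the report.
RULE = ('pass out route-to ( em1 203.0.113.1 ) from 203.0.113.10 '
        'to !203.0.113.0/24 keep state allow-opts '
        'label "let out anything from firewall host itself"')
STATIC_ROUTES = [
    ("198.51.100.0/24", "203.0.113.254"),   # behind a second router on the WAN
    ("203.0.113.128/25", "203.0.113.254"),  # inside the range the rule excludes
]

RULE_RE = re.compile(
    r'pass out route-to \(\s*(?P<ifname>\S+)\s+(?P<gw>\S+)\s*\)\s+'
    r'from\s+(?P<src>\S+)\s+to\s+(?P<neg>!?)(?P<dst>\S+)')


def parse_rule(rule_text):
    """Extract the route-to gateway and destination match from one rule."""
    m = RULE_RE.search(rule_text)
    if m is None:
        raise ValueError("not a 'pass out route-to' rule")
    return {
        "gw": ipaddress.ip_address(m["gw"]),
        "negated": m["neg"] == "!",
        "dst": ipaddress.ip_network(m["dst"], strict=False),
    }


def rule_matches(rule, net):
    """True if some address in net is matched by the rule's 'to' clause."""
    if rule["negated"]:
        return not net.subnet_of(rule["dst"])
    return net.overlaps(rule["dst"])


def overridden_routes(rule_text, static_routes):
    """Return (network, static gateway, route-to gateway) for each conflict."""
    rule = parse_rule(rule_text)
    hits = []
    for net_text, gw_text in static_routes:
        net = ipaddress.ip_network(net_text)
        gw = ipaddress.ip_address(gw_text)
        # route-to picks the next hop itself, so the routing table is not used.
        if rule_matches(rule, net) and gw != rule["gw"]:
            hits.append((str(net), str(gw), str(rule["gw"])))
    return hits


if __name__ == "__main__":
    for net, want, got in overridden_routes(RULE, STATIC_ROUTES):
        print(f"{net}: static route says {want}, route-to sends it to {got}")
```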