head.. wall.. bang!
Think ive pretty much exhausted all possibilities.. src nat, dst nat, route to esi... nothing!
I dont think what im trying to do is that unusual, but just not found the right way of doing it! Just to clarify.. I have an internal guest netwrok using captive portal, say 12.11.10.0, wan am trying to push this traffic out of an interface that is connected to the dmz, so all outbound traffic goes out via our UTM. This interface has an address that is valid in the dmz. All other non captive portal traffic would go out of our default route via out pirmary internet gateway.
Would welcome any suggestions...
Doing some further teading.. ESI has to be the answer...
External Services Interface
The ArubaExternal Services Interface (ESI) provides an open interface that is used to integrate security solutions that solve interior network problems such as viruses, worms, spyware, and corporate compliance. ESI allows selective redirection of traffic to external service appliances such as anti-virus gateways, content filters, and intrusion detection systems. When “interesting” traffic is detected by these external devices, it can be dropped, logged, modified, or transformed according to the rules of the device. ESI also permits configuration of different server groups— with each group potentially performing a different action on the traffic.