Hi,
We've got a situation where we need to redirect guest traffic towards a proxy in a different subnet.
The proxy is on an internal subnet. The default gateway for the guests is a firewall that specifically allows this traffic.
We've implemented a simple dst-nat to the proxy policy in the user-role which does the trick except for 1 issue.
The problem is that guest traffic is pulled out of the guest VLAN and routed (using the controller's routing table) over the internal LAN. This arrives at the firewall, which sees it as guest traffic coming from an internal interface and drops it.
Is there a way to achieve this without changing the routing table of the controller?
I looked at the "route dst-nat" option, which from the description appears to be exactly what I need, but I cannot seem to enter my dst address (or the next hop) anywhere?