Hi,

I'm having issues with asymmetric routing through Shorewall.

This is how my environment is set up:

My Shorewall has 3 interfaces: 1: internal LAN, 2: ISP1, 3: ISP2 (I don't know if it matters, but interfaces 2 & 3 are 2 different VLANs on the same physical interface).

I have 1 IPv4 BGP range (/24 subnet) and both ISPs are publishing it for me. Now BGP is working in a way that allows asymmetric routing to happen (as each edge computes & customizes its own hop-based metrics).

The problem:

When traffic is symmetric (comes and goes through the same interface), everything works perfectly. When the outgoing is through 1 ISP and the incoming is through a different one, it is not working. I can see the packet leaving on one interface and the returning packet on the other interface, but there are no logs on Shorewall (as if the traffic does not exist).

Shorewall does the same PAT on both ISP interfaces.

Any ideas what to look for? What might be missing?

Thanks,
Shalom Cohen