Asymmetric routing is undesirable for many network devices, including firewalls, VPNs, and SteelHeads. These devices all rely on seeing every packet to function properly. When SteelHeads are deployed in a network, all TCP traffic must flow through the same SteelHeads in the forward and reverse directions.

What is Asymmetric Routing? In Asymmetric routing, a packet traverses from a source to a destination in one path and takes a different path when it returns to the source. This is commonly seen in Layer-3 routed networks.

The solution to this problem is to adjust the placement of the firewalls or internal routing such that traffic in both directions flows through the same firewall, even if incoming traffic enters the network through a different router than the router that handled the matching outgoing traffic.

Asymmetric routing is when the flow of packets in one direction passes through a different interface than that used for the return path. This can occur when traffic flows across different layer 2 bridged pair interfaces on the firewall or when it flows across different firewalls in a high availability cluster.

As per the network flow, the outgoing traffic flows via checkpoint and when it comes back, it is not hitting the checkpoint firewall. Looks like the traffic will be asymmetric. Just checking if the checkpoint can handle such asymmetric traffic and if any provisions to cater the same.

Asymmetric Network: An asymmetric network has multiple routes for incoming and outgoing network traffic. Symmetric Network: A symmetric network has a single route for incoming and outgoing network traffic. As such traffic takes the same route when entering or the network.

Use the following command to configure the firewall to bypass asymmetric routing globally.

1. > configure.
2. # set deviceconfig setting tcp asymmetric-path bypass.
3. # commit.
4. > configure.
5. # delete deviceconfig setting tcp asymmetric-path.
6. # commit.
7. > show running tcp state | match asymmetric.

In Symmetric-key encryption the message is encrypted by using a key and the same key is used to decrypt the message which makes it easy to use but less secure….Difference Between Symmetric and Asymmetric Key Encryption.

Symmetric Network: A symmetric network has a single route for incoming and outgoing network traffic. As such traffic takes the same route when entering or the network.

There are two workarounds for this issue:

1. Change the network architecture to eliminate asymmetric routing, such that all return traffic passes through the same firewall in which the traffic originated.
2. Turn off the option (tcp-reject-non-syn) to reject connections where the first packet wasn’t a SYN packet.

Asymmetric routing is a situation where packets follow a different route in an outbound direction than they follow when returning in the inbound direction. In general, an asymmetric configuration is fairly normal in many network environments.

What is Asymmetric Routing? In Asymmetric routing, a packet traverses from a source to a destination in one path and takes a different path when it returns to the source. This is commonly seen in Layer-3 routed networks. Issues to Consider with Asymmetric Routing

In Asymmetric routing, a packet traverses from a source to a destination in one path and takes a different path when it returns to the source.

The state information exists in the first firewall. 1. Symmetric routing flow through the firewall Keep the traffic flow symmetric through the firewall infrastructure. Here, the packet flow from one security domain to another will be through a single firewall. Redundancy for the flow is achieved via firewall redundancy (failover configuration).