Channel: SRX Services Gateway topics

SRX Intra-Zone traffic


I currently have a setup as per the diagram below. When I ping (and other traffic) from the remote site firewall (3.3.3.1) to the ISP2 IP address on the firewall (2.2.2.1), it works fine. I know that, because the default route points to ISP1, the return traffic will be asymmetric (so the request will come in via ISP2 and go out via ISP1). Both interfaces are in the same zone (Untrust). Everything is working fine with this setup. I'm fine with asymmetric traffic on the firewall.

 

I have a second instance of this setup which is exactly the same (apart from the IP addresses etc.). Same firmware and same firewall model. With this second setup, traffic doesn't flow. If I ping from the remote site, I get no response, but I can see the traffic hitting the firewall. I know people will say you need a firewall policy from Untrust to Untrust, but I don't have that policy on the working setup. (I also tried to add that policy and it didn't help.)

 

I didn't have time to set up traceoptions to troubleshoot this, and I will probably not get a chance again for a few weeks until I am back on site. In the meantime, is there anything else that someone can think of that is required to make this work and that would allow it to work on the first setup but not the second one?

 

Thanks

 

diagram.PNG

 

 

 

