We're running two IronPort C650 devices on different subnets, with a firewall inbetween. The device on our side of the fence is dual-homed with its management interface connected to our primary LAN, and data1 connected into a DMZ. I'm trying to initiate a ping from our device data1 interface to the other device management interface behind a firewall. I run the ping command, choose data1 as the outgoing interface, and enter the IP address. I receive no response. I have completed a debug on our firewall to determine whats going on...
The firewall sees a packet arriving on it's trust interface (connected to our primary LAN) with a source IP address equal to that of the data1 interface, destined for the management interface of the other device. So, despite asking the IronPort device to generate the ping from the data1 interface it appears to be generating it from the management interface. Surely this isn't normal?!
Anybody any ideas why this is happening?