eventually i suspect that issues was due to double NATting this connection, not a perfect configuration of Checkpoint's anti spoofing or asymmetric routing. I guess sometimes ignorance is bliss.. :) I'll finish with a short prayer. Virtual Routing Redundancy Protocol (VRRP) is a high-availability solution, where two Gaia Security Gateways can provide backup for each other. Gaia offers two ways to configure VRRP: Monitored Circuit/Simplified VRRP - All the VRRP interfaces automatically monitor other VRRP interfaces Asymmetric routing is when a packet takes one path to the destination and takes another path when returning to the source. Asymmetric routing is common within most networks; the larger the network, the more likely there is asymmetric routing in the network. Dec 21, 2012 · Asymmetric routing occurs when packets from TCP or UDP connections flow in different directions through different routes. In asymmetric routing, packets that belong to a single TCP or UDP connection are forwarded through one interface in a redundancy group (RG), but returned through another interface in the same RG. Asymmetric routing concepts can also be extended to the single context mode. In this case, the packet leaves the FWSM interface in a security domain, and the return path will be in an interface of a different security domain. Note that both the interfaces will be in the same ASR group.