Make 4 routes in the firewall, 3 routes’ next hop point to 18.104.22.168, another one is the default route whose next hop is 192.168.17.1, network of PC is 192.168.17.4.Now QQ and msn is offline.
2 ways to solve the problem
1. Shutdown the firewall session check(shutdown is not suggested that will reduce the safe index )
2. Change the route, make PC network point to 192.168.17.1, add 3 route on 3 layer switch whose next hop is 192.168.17.4, add a default route point to 22.214.171.124.
The traffic will pass SW path when PC login QQ, fist session reached to firewall who sent route to the 3 layer switch, the second route came from the 3 layer switch is sent to PC, and PC sends the third route to firewall. That is the reason why bring the offline problem.
Notes: Firewall has the session check, but SW not.