The second line in that dialog? It is the next hop router associated with this netlink (usually ISP link so this is the ISP router). When you use netlinks in routing, the actual route chosen for the packets using that netlink is the gateway defined.
This is possible, but in your example if you create Netlinks for two routers 10.0.1.2 and 10.0.1.3, and you use the 10.0.1.0/24 network as "Network" in both of them, the Multi-Link will not work in the same way as with routers from two different networks. The reason for this is that the "Network" definition in Netlink element properties specifies the source IP address matching criteria that are used after NAT is done to select which Netlink to use and which next-hop router to send traffic to. So now if you use the 10.0.1.0/24 network in both Netlinks, and then define a different NAT IP from this network for the two Netlinks in Multi-Link element properties, the source IP after NAT via both Netlinks will match "Network" on both Netlinks, and thus all connections will be sent out using the first Netlink (whichever is the first one in the configuration SMC generated for the FW).
To get traffic using both Netlinks you could use e.g. 10.0.1.0/25 as "Network" for the Netlink via the 10.0.1.2 router, and then with this Netlink NAT traffic to an IP that's part of the 10.0.1.0/25 network. For the second Netlink via router 10.0.1.3, you would use the 10.0.1.128/25 network, and use a NAT IP from this network. I have not tested a setup like this so I can't say with 100% certainty that it would work, but I don't see any reason why it would not. In fact you can use basically any network/subnet as "Network" in Netlink properties as long as external routing is set up so that packets to the network used are routed to the firewall. So in your example you could use e.g. network 220.127.116.11/24 as "Network" in the properties of the netlink for router 10.0.1.3 as long as that router is configured to route packets with destination IP 50.60.70.x to the firewall, i.e. the router would have a route telling that to reach the 18.104.22.168/24 network send packets to 10.0.1.1, and of course also routers behind 10.0.1.3 would need to have routing set up so that 22.214.171.124/24 packets are sent to this router.
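The selection behaviour described in the reply above, as an added example that is not part of the original thread and not the product's code: a simplified first-match model in which the post-NAT source IP is compared against each Netlink's "Network" in configuration order. The Netlink names and the NAT addresses 10.0.1.11 and 10.0.1.130 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Netlink:
    name: str
    network: str   # "Network" field in the Netlink element properties
    gateway: str   # next-hop router for this Netlink
    nat_ip: str    # NAT address assigned to this Netlink in the Multi-Link

def select_netlink(post_nat_src, netlinks):
    """Return the first Netlink whose Network contains the post-NAT source IP."""
    src = ipaddress.ip_address(post_nat_src)
    for nl in netlinks:
        if src in ipaddress.ip_network(nl.network):
            return nl
    return None

def egress_gateways(netlinks):
    """Map each Netlink's NAT IP to the gateway this model would send it to."""
    out = {}
    for nl in netlinks:
        chosen = select_netlink(nl.nat_ip, netlinks)
        out[nl.nat_ip] = chosen.gateway if chosen else None
    return out

def find_shadowed(netlinks):
    """Names of Netlinks whose own NAT IP is claimed by an earlier Netlink."""
    return [nl.name for nl in netlinks
            if select_netlink(nl.nat_ip, netlinks) != nl]

# Constructed configuration: both Netlinks use the same /24 as "Network".
OVERLAPPING = [
    Netlink("netlink-1", "10.0.1.0/24", "10.0.1.2", "10.0.1.10"),
    Netlink("netlink-2", "10.0.1.0/24", "10.0.1.3", "10.0.1.11"),
]
# Constructed configuration: the /24 split into two /25s, one per Netlink.
SPLIT = [
    Netlink("netlink-1", "10.0.1.0/25", "10.0.1.2", "10.0.1.10"),
    Netlink("netlink-2", "10.0.1.128/25", "10.0.1.3", "10.0.1.130"),
]

if __name__ == "__main__":
    for label, cfg in (("overlapping /24", OVERLAPPING), ("split /25", SPLIT)):
        print(label, egress_gateways(cfg), "shadowed:", find_shadowed(cfg))
```

A non-empty `find_shadowed` result means a Netlink in the list never carries its own NAT traffic under this model, which is the symptom described for the shared /24.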
I use these two netlinks for different outbound Multi-Link.
For LAN1, I use Outbound MultiLink1:
- Netlink1: Network 10.0.1.0/24, Gateway 10.0.1.2, NAT IP is 10.0.1.10
- Netlink 2: Gateway is R3
For LAN2, I use Outbound MultiLink 2:
- Netlink 1: Network 10.0.1.0/24, Gateway 10.0.1.3, NAT IP is 10.0.1.10
- Netlink 2: Gateway is R3
Then create NAT rules:
- From Firewall to LAN1 NAT to MultiLink1
- From Firewall to LAN2 NAT to MultiLink2
Will this work?
If routes through netlinks with GWs 10.0.1.2 and 10.0.1.3 both are default routes (i.e. to Any network), then I don't think that this will work. If the routes are more specific for LAN1 network via 10.0.1.2 and LAN2 network via 10.0.1.3, then it might work, but even then I'm not sure about it.
[EDIT] I did some quick testing in the lab. I first added the following:
- Netlink for two routers in external network (both routers in same /22 network)
- Default route via both netlinks
- Two multi-links: one for 1st netlink and one for 2nd netlink
- Two NAT rules where the first one used multi-link 1 and matched only DST IP 126.96.36.199, and the second one used multi-link 2 and matched only DST IP 188.8.131.52. Both used the same NAT IP (external CVI IP of the FW)
==> Pings to 184.108.40.206 and 220.127.116.11 were sent to the 1st netlink router, i.e. all traffic was sent based on the 1st netlink default route. The reason for this is that both default routes are put into the same routing table and then the first one listed is used.
For the second scenario I changed the netlink routes so that netlink 1 had a route only to 18.104.22.168 and netlink 2 had a route only to 22.214.171.124. With this setup pings to 126.96.36.199 were sent to the netlink 1 router, while pings to 188.8.131.52 were sent to the netlink 2 router, so this worked the way that you would want it to work in your setup.
Thanks for your answer. I will try to test this in my lab to confirm this. Thanks for your support.