Security Gateway Manual SG-3100
2.5.8 Setup Policy Routing
Policy routing involves setting a gateway on firewall rules which direct matching traffic out specific WANs or failover
groups.
In simple cases (one LAN, no VPNs) the only requirement to configure policy routing is to add a gateway to existing
rules.
• Navigate to Firewall > Rules, LAN tab
• Edit the default pass rule for the LAN
• Click Display Advanced
• Set the Gateway to one of the gateway groups based on the desired LAN client behavior.
For example, pick PreferWAN so clients use WAN and then if WAN fails, they use WAN2.
• Click Save
• Click Apply Changes
If there are other local networks or VPNs which clients on LAN must reach, add rules above the default pass rules to
pass local traffic without a gateway set:
• Navigate to Firewall > Rules, LAN tab
• Click to add a new rule at the top of the list
• Configure the rule as follows:
  Action: Pass
  Interface: LAN
  Protocol: Any
  Source: LAN net
  Destination: The other local subnet, VPN network, or an alias of such networks.
  Description: Pass to local and VPN networks
  Do not set a gateway on this rule.
• Click Save
• Click Apply Changes
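The effect of rule order in the two procedures above can be checked with a small model. This is an added example, not part of the manual or the firewall's own code; it assumes rules on the LAN tab are evaluated top-down with the first match winning, and the subnets, rule dictionaries and function names are constructed for illustration.

```python
"""Model of top-down, first-match LAN rule evaluation with policy routing.

Added illustration: subnets, rule dicts and function names are constructed
here and are not the firewall's configuration or API objects.
"""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LOCAL_NETS = [ip_network("192.168.20.0/24"), ip_network("10.8.0.0/24")]  # constructed

DEFAULT_PASS = {"descr": "Default pass rule for LAN", "dst": ANY, "gateway": "PreferWAN"}
# One no-gateway rule per network stands in for a single rule using an alias.
LOCAL_PASS = [{"descr": "Pass to local and VPN networks", "dst": n, "gateway": None}
              for n in LOCAL_NETS]
BEFORE = [DEFAULT_PASS]              # gateway set, no local rule above it
AFTER = LOCAL_PASS + [DEFAULT_PASS]  # local rules first, as the steps describe

def egress(rules, dst):
    """Return where a LAN packet to dst is sent under first-match evaluation."""
    addr = ip_address(dst)
    for rule in rules:
        if addr in rule["dst"]:
            # A gateway on the matching rule overrides the routing table.
            return rule["gateway"] or "routing table"
    return "blocked (no matching pass rule)"

def shadowed_local_nets(rules, local_nets):
    """List local/VPN networks that a gateway-set rule captures first."""
    hits = []
    for net in local_nets:
        for rule in rules:
            if rule["gateway"] and net.overlaps(rule["dst"]):
                hits.append((str(net), rule["descr"]))  # forced out a WAN
                break
            if not rule["gateway"] and net.subnet_of(rule["dst"]):
                break  # fully covered by a no-gateway rule placed higher
    return hits

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, "-> VPN host:", egress(rules, "10.8.0.5"),
              "| Internet host:", egress(rules, "203.0.113.9"),
              "| shadowed:", shadowed_local_nets(rules, LOCAL_NETS))
```

With only the gateway-set default rule, traffic for the VPN and second local subnet is pushed to the WAN gateway group; with the no-gateway rules above it, that traffic follows the routing table while Internet traffic still uses PreferWAN.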
2.5.9 Dynamic DNS
Dynamic DNS provides several benefits for multiple WANs, particularly with VPNs. If the firewall does not already
have one or more Dynamic DNS hostnames configured, consider signing up with a provider and creating one or more.
It’s a good practice to have a separate DNS entry for each WAN and a shared entry for failover, or one per failover
group. If that is not viable, at least have one for the most common needs.
The particulars of configuring Dynamic DNS entries vary by provider and are beyond the scope of this document.
© Copyright 2022 Rubicon Communications LLC 52