Multi-WAN and Policy-Based Routing
If you have enabled multi-WAN, but want the Firebox to always send certain types of outgoing traffic through a specific external interface, you can use policy-based routing. For example, if your DNS server is reachable only through one of the external interfaces, you can create a DNS policy and enable policy-based routing to send all DNS traffic to the interface that can reach the DNS server. Policy-based routing creates an exception to the global multi-WAN configuration settings.
Do not enable policy-based routing in the BOVPN-Allow policies or in policies that apply to mobile VPN traffic or incoming traffic.
To use policy-based routing:
- Create an outgoing policy for the type of traffic that you want to send to a specific external interface.
- Enable policy-based routing in the policy.
- Select the interface you want the policy to use.
You can optionally specify a secondary external interface to use for failover, if the selected interface is not available. The default setting is to drop traffic until the selected interface is available again.
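The routing and failover behavior described above, as an added Python sketch (not WatchGuard code, and not a Firebox configuration format): it picks the egress interface for each policy and flags policy-based routing on the policy types the page says to leave alone. The field names, policy entries and interface names are constructed for illustration.

```python
# Added illustration: field names and policy entries are constructed,
# not a Firebox configuration schema.
POLICIES = [
    {"name": "DNS-Out", "direction": "outgoing",
     "pbr": {"interface": "External-1"}},                      # no failover: drop
    {"name": "SMTP-Out", "direction": "outgoing",
     "pbr": {"interface": "External-1", "failover": "External-2"}},
    {"name": "HTTP-Out", "direction": "outgoing"},             # global multi-WAN
    {"name": "BOVPN-Allow.out", "direction": "outgoing",
     "pbr": {"interface": "External-2"}},                      # should be flagged
    {"name": "Web-In", "direction": "incoming",
     "pbr": {"interface": "External-1"}},                      # should be flagged
]

def select_egress(policy, link_up):
    """Return the egress interface, "multi-wan" if the global multi-WAN
    settings apply, or None if the traffic is dropped."""
    pbr = policy.get("pbr")
    if not pbr:
        return "multi-wan"
    if link_up.get(pbr["interface"], False):
        return pbr["interface"]
    failover = pbr.get("failover")          # optional secondary interface
    if failover and link_up.get(failover, False):
        return failover
    return None                             # default: drop until primary returns

def audit(policies):
    """List policies where policy-based routing should not be enabled."""
    findings = []
    for p in policies:
        if not p.get("pbr"):
            continue
        if p["name"].startswith("BOVPN-Allow"):
            findings.append((p["name"], "BOVPN-Allow policy"))
        elif p.get("mobile_vpn"):
            findings.append((p["name"], "mobile VPN traffic"))
        elif p.get("direction") == "incoming":
            findings.append((p["name"], "incoming traffic"))
    return findings

if __name__ == "__main__":
    link_up = {"External-1": False, "External-2": True}   # primary link down
    for p in POLICIES:
        print(p["name"], "->", select_egress(p, link_up))
    print(audit(POLICIES))
```

With the primary link down, the DNS policy without a failover interface drops its traffic rather than sending it out another interface, which is the fail-closed default the page describes.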