Are outbound rules instant? Or do I have to wait?

Hello,

I’m doing some testing of some outbound policies. I will set a policy, then Apply Changes. Then I go to test on a machine and the policy does not seem to apply.

My question is, are the rules instant? I.e., if I set an outbound rule to send any traffic to somedomain.com and enforce it through a specific WAN, then save/apply, can I then immediately go to that website on a LAN client, refresh, and then the new connection will be used? Or do I have to wait?

If it is supposed to be instant then I probably have some other configuration that is incorrect, but if I have to wait, then I guess I will wait.

Thank you in advance for your help!

It depends :)

Depending on the algorithm you are also using on a rule there is a tick box for “terminate sessions on link recovery” that can force the issue.

Ordering of rules is something to also consider: they are processed top down in order and the first one that matches is what will be applied. Another way to consider this is that when building your outbound policies, more specific rules should likely be placed towards the top of the list vs more general / broad ones.

To check where traffic is being routed I’d use the active sessions page in the Peplink GUI.

If you think your OBP is all built correctly perhaps share some screenshots of the config with us and people here can probably help you figure out why something might not be working.


OK, yep, I can see how the algorithm could make it depend since it might be based on the session. Let me explain a bit further. I was using ‘Enforced’ for my testing.

On my Outbound rules I have that anything going to fast.com use WAN1. This is “enforced” and is at the top of the rule set.

I go to fast.com and do a speed test on one of my LAN clients. I can tell on the real-time usage that the test is using WAN 1. Great.

Now I go back and edit that rule to Enforce using WAN2. Save, Apply.

Go back to the same LAN client and do the test. The test still goes on WAN 1. If I leave it and try several hours later, the test goes on WAN2.

So my impression is that it takes a while, but maybe I am missing something? Is there a way I can get around whatever is taking so long?

A name based rule will not trigger until a new dns lookup is done.

When you change the rule it clears the cached fast.com map from the previous test and until the browser requests another query for fast.com the rule can’t be built.

If instead you do an IP based rule that will take effect immediately. So try taking the source IP of your test system and force that out each WAN.

So yes, it is immediate, but you must have a DNS query to trigger a name based rule.

I think there is also a bug with “enforced” in some cases where it is not actually working as expected.

I would normally just use “priority” and just give it only one WAN to choose from and then tick the box to drop traffic if no WANs are available from the list.

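The behaviour described in the replies above (first-match rule ordering, name-based rules that only match once a DNS answer has been seen, IP-based rules that match at once) can be replayed with a small model. This is an added example, not part of the original thread and not Peplink's implementation; the class, the addresses and the WAN1 default fallback are assumptions made for illustration.

```python
import ipaddress

class OutboundPolicy:
    """Toy model: ordered first-match rules plus a DNS-learned name map."""

    def __init__(self, default_wan):
        self.rules = []      # [kind, match, wan]; evaluated top down, first match wins
        self.name_map = {}   # domain -> IPs learned from observed DNS answers
        self.default_wan = default_wan  # assumption: fallback when no rule matches

    def add_rule(self, kind, match, wan, index=0):
        self.rules.insert(index, [kind, match, wan])

    def edit_rule(self, index, wan):
        kind, match, _ = self.rules[index]
        self.rules[index][2] = wan
        if kind == "domain":
            # As described in the thread: changing the rule clears the cached map.
            self.name_map.pop(match, None)

    def observe_dns(self, domain, ips):
        # A DNS answer passing through the router rebuilds the name map.
        self.name_map[domain] = set(ips)

    def route(self, src_ip, dst_ip):
        for kind, match, wan in self.rules:
            if kind == "domain" and dst_ip in self.name_map.get(match, ()):
                return wan, f"domain:{match}"
            if kind == "source" and ipaddress.ip_address(src_ip) in ipaddress.ip_network(match):
                return wan, f"source:{match}"
        return self.default_wan, "default"

def replay_thread_test():
    client, fast_ip = "192.168.50.10", "203.0.113.10"  # constructed addresses
    p = OutboundPolicy(default_wan="WAN1")
    p.add_rule("domain", "fast.com", "WAN1")
    p.observe_dns("fast.com", [fast_ip])
    results = [p.route(client, fast_ip)]       # name rule matches
    p.edit_rule(0, "WAN2")
    results.append(p.route(client, fast_ip))   # client reuses its cached answer: no match
    p.observe_dns("fast.com", [fast_ip])       # fresh lookup seen by the router
    results.append(p.route(client, fast_ip))   # edited name rule now matches
    p.add_rule("source", client + "/32", "WAN1", index=0)
    results.append(p.route(client, fast_ip))   # IP rule on top matches immediately
    return results

if __name__ == "__main__":
    for step in replay_thread_test():
        print(step)
```

In this model the second test falls through to the default because the LAN client never sent a new DNS query, which is why the active sessions page is the place to confirm which rule a given flow actually matched.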

Thank you! Makes sense.

@Eddy_Yeung I have seen this too sometimes. Not sure if this is a known bug or not?


I also had an issue with an enforced outbound policy when testing a system last week; I was experimenting with different SSIDs routing traffic via the enforced outbound policy to different connections - I had Starlink connected, a 5G connection (from the internal BR1 Pro5G modem) and 2 kinds of SpeedFusion - my own FusionHub and SpeedFusion Connect both DWB both connections.

My goal was to have one SSID use the bonded FusionHub connection, and another use just Starlink.

It sort of worked, but then didn’t. As I swapped them around it didn’t re-route traffic as expected.

The system was deployed at the weekend for an event and I just had all SSIDs use the FusionHub connection but it wasn’t ultimately what I was after.

It was something I was going to come back to - I guess I should just use the solution @WillJones suggested above with the priority rule instead.