I currently have a HD4 that only has the default VLAN and the unit is set to pass all traffic through a SpeedFusion tunnel. This has worked just fine, but now I need to create an additional VLAN for a DMZ function.
I have already created the additional VLAN.
How do I go about traffic handling? As I see it I can no longer use the “Send all traffic to” feature.
The VPN and DMZ traffic must not be sent out of the same WAN connection, preferably a WAN should be dedicated the DMZ and the remaining WANs should be for the VPN.
Also the DMZ traffic must not be sent through the SpeedFusion tunnel, it should be broken out as regular internet traffic.
SpeedFusion can be setup to only include the WANs that you would like it to use, this would allow you to leave out one WAN for routing the DMZ VLAN traffic. If you have setup the profile via IC2 you can make changes on the Profile Options page. Enable Show Advanced Settings, click on Advanced WAN Settings, select the HD4, click on Modify WAN Settings, and change the Priority for that WAN to Disabled. Don’t forget to click Save and finish configuring the profile.
Outbound Policy (Advanced > Advanced > Outbound Policy) would be your best option for controlling traffic flow. You can setup a rule to have any traffic from the DMZ VLAN be sent only out the WAN that’s not a part of the SpeedFusion Profile. As you said you’d only like to use one of the WANs for the DMZ VLAN you could also look at using Enforced rather than Priority for the OBP Algorithm. Here is an example rule:
