FusionHub Outbound policy


I realise that the purpose of a FH is not to handle multiple Internet links, and therefore Outbound policies are normally not required.

In our scenario, however, we host an RDP and other servers in a data centre with SF tunnels to the various offices for a specific client. They need to access third-party sites where their office public IP is whitelisted, so access directly from the hosted servers is not allowed. For security purposes the third party allows only one IP of the client to be whitelisted and the process to change it is quite lengthy. Outbound policies will assist in routing specific traffic back to the VPN peers, while allowing direct breakout for other traffic.

At the moment we route all traffic to a VPN peer and do the policies from there, but this adds a point of failure and also limits all outbound traffic from the hosted server to the speed of the peer’s link.

Some other forum topics recommend the implementation of a second FH in the data centre, but this comes with its own set of challenges and costs.

What will be the best way to route specific traffic from a VM on the FusionHub LAN via a SF peer’s Internet?