I currently have a main office network (172.16.1.x/22) with a Balance 305 and a remote office (172.16.14.x/24) with a Balance 20. They are joined by PepVPN. We have a remote media server (172.16.14.50) that we update regularly from the main office. However, the PepVPN stays connected using the remote office’s mobile internet, and it’s possible that our employees can unknowingly use up our entire Verizon data quota transferring files to the media server when the cable WAN is down. In the past, I’ve just set the PepVPN on the remote office to not use the mobile internet. However, recent equipment purchases require that I start using the PepVPN with the mobile internet.
What I’d like is a way to set a firewall rule to deny any traffic from the main office network (172.16.1.x/22) to the remote media server (172.16.14.50) if PepVPN is using the mobile internet on either end of the connection. Perhaps you could add a ‘metered’ bool property to WANs and then add an ‘apply to metered connections’ property to internal firewall rules.