I’m trying to setup an outbound policy to force all traffic from an internal host out a secondary WAN connection. No matter the rule I setup, the connection just does not go out the right WAN interface. I’ve tried source by IP and by MAC. I’ve tried enforced, weighted and priority algorithm. Nothing works. This also has the side effect that I have an inbound service to this host as well and the traffic comes in on the correct WAN interface but the response is going out a different WAN. I have even created a persistence rule for the TCP port in question for all inbound and that doesn’t even work. Any ideas?
There must be something wrong with your config. Is the secondary WAN connection in active mode or standby mode (is there a green light on the dashboard next to the connection)? Is the internal host on the same IP subnet as the Balance’s LAN? Are you placing your outbound rules above the default rule? The outbound rules are executed firewall style from top to bottom, so make sure there is not another rule above yours that may interfere.
- Yes there is a green light next to the connection.
- In this case the host is on the same subnet as the lan interface of the balance. I also have a subnet range that is not on the same subnet but it does not work either.
- The default rule is forced to the bottom. My rule for this host is at the very top.
- I opened a support ticket through the web and am waiting for a call back.
I also want to note that this host has a service setup to come in on this secondary WAN link. In wireshark I see the incoming request but the response is going out a different WAN so the communication fails.
Got it working with the help of tech support.
The server was pointed to an incorrect gateway which was routing it’s outbound traffic through a completely different router. Corrected this issue and everything is working as expected.
Excellent, thanks for the update Beavis!
Yet another good example of our fast and courteous technical support 