Outbound Policy referencing primary/secondary SpeedFusion Tunnels

I am attempting to set up management of some MAX Transit Duo devices via IC2. The configurations are propagating from IC2 to the MAX devices without issue, with one notable exception.

In the SpeedFusion configuration (managed via IC2), I have created a primary and secondary tunnel to the same hub. The intent of this is to have the primary tunnel traverse all available links and the secondary tunnel traverse only the two Cellular links. This part of the configuration propagates correctly to the MAX device and I can see both the primary/secondary tunnel appear in the configuration of the device – and come up successfully.

The problem arises when I try to build Outbound Policy rules that reference the primary and secondary tunnel. As soon as I select “PepVPN with Tunnels” as the connection type and provide the appropriate connection/tunnel names, that particular WAN connection is omitted from the policy that is present on the MAX device. Other WAN connections that I select in the priority list do appear.

Thinking that I might have been identifying the tunnel/connection labels incorrectly, I manually built the Outbound Policy as I wanted it to appear on the MAX device, then exported the configuration, and then imported the configuration into an Outbound Policy in IC2. The labels appeared the exact way I was typing them into the policy I created by hand, but I proceeded anyway and the WAN connection still did not appear in the Outbound Policy propagated to the device.

If I switch the connection type from “PepVPN with Tunnels” to “PepVPN or SF Cloud” and enter just the connection name (not the individual tunnel name), the Primary Tunnel will appear in the Outbound Policy. But I have no way to get the Secondary Tunnel to appear in the Outbound Policy at this point other than to manually connect to the devices and configure the Outbound Policy there instead of via IC2.

Is anyone else deploying multi-tunnel SpeedFusion with Priority Outbound Policy via IC2? I have tried creating new groups, re-creating the SpeedFusion tunnels, re-creating the Outbound Policies (both by hand and by importing from a device configuration) and I just can’t seem to get this to work. Any advice would be appreciated.

On the same note, I am also looking for answers to two other questions:

  1. Is there a place in IC2 that I can configure the order of WAN priority as I can on the dashboard page when logging into the MAX devices directly?

  2. Is there a place in IC2 that I can, at the Group level, set the parameters for SIP Passthrough?

“PepVPN with tunnels” should be the correct option, using the subtunnel name, eg:

Please create a support ticket and reference this thread and I’ll see what’s going wrong.

I created a support ticket yesterday (#21030428) but it was promptly kicked over to our reseller who has not been able to provide any assistance on the issue.

Your screenshots reflect exactly how I have attempted to set this up and have not been able to get it work.

I will respond to that ticket now referencing this thread. Thanks for your help.