I’m trying to configure my network so that one particular machine is allowed to access one particular WAN link in order to go to one particular domain. Outbound policy seemed like the best way to do this. However, when I open the hole for this machine to access the domain, in practice it can access any web page it wants to. I accomplished the basics of my goal by using firewall rules (allow domain.com, allow dns, deny all others) which is OK for now, but I’d like it to be able to connect when we’re on the other WAN link, and it seems like the firewall method will keep it from doing so.
My rules are set as follows:
I used the IP as well as the domain just because I wasn’t sure which would work. I included DNS mostly as a safety, but it seemed like it might need it, and it didn’t access anything without it. And then, if it doesn’t match on those three rules, it should go down to the next one, which enforces that it only uses the other WAN connection. However, if the firewall deny rule is disabled, I can access any website I want with these rules in force. Is there something obvious I’m missing?