SDX Outbound Policy not working as expected?

Policy not working as expected, Expert Mode enabled.

With no Outbound Policies active, traffic is routed via WAN (French IP).

With Test UK IP (Active) sends VPN to SpeedFusion as expected (UK IP).

We only want to send VLAN 6 to VPN - SF (UK IP), but this policy is ignored and traffic is routed via the local WAN (French IP).

Is something overriding VLAN 6?

Rule order is important for OBP: rules are processed top down in order, and the first rule that matches traffic is what is applied, so make sure the “UK IP” rule is placed correctly.

As for the rule “UK IP”, if you just want to direct traffic sourced from 192.168.6.0/24 out the VPN then you do not need to use the “destination” field; the destination should likely be “any”, as you only care about what subnet the traffic is sourced from.
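The first-match behaviour described in the reply above can be modelled offline to check a rule set before applying it. This is an added example, not part of the original post and not Peplink code; the `Rule` class, the "All LAN to WAN" rule, the client and remote addresses, and the 203.0.113.0/24 destination are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    source: str       # source subnet (CIDR)
    destination: str  # destination subnet; 0.0.0.0/0 means "any"
    egress: str       # connection that matching traffic is sent out of

    def matches(self, src, dst):
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.destination))

def route(rules, src, dst, default="WAN"):
    """Evaluate rules top down; the first match wins, otherwise use the default."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.egress
    return default

def shadowed(rules):
    """List (later, earlier) rule names where the earlier rule already covers
    every packet the later rule could match, so the later rule never fires."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.source).subnet_of(ip_network(earlier.source))
                    and ip_network(later.destination).subnet_of(
                        ip_network(earlier.destination))):
                hits.append((later.name, earlier.name))
                break
    return hits

# Constructed sample rules and addresses (not taken from the thread's device).
UK_ANY = Rule("UK IP", "192.168.6.0/24", "0.0.0.0/0", "VPN: SpeedFusion")
UK_NARROW = Rule("UK IP", "192.168.6.0/24", "203.0.113.0/24", "VPN: SpeedFusion")
CATCH_ALL = Rule("All LAN to WAN", "192.168.0.0/16", "0.0.0.0/0", "WAN")
CLIENT, REMOTE = "192.168.6.20", "198.51.100.7"

if __name__ == "__main__":
    print(route([UK_NARROW], CLIENT, REMOTE))          # destination filter misses
    print(route([CATCH_ALL, UK_ANY], CLIENT, REMOTE))  # rule placed too low
    print(route([UK_ANY, CATCH_ALL], CLIENT, REMOTE))  # source-only rule on top
    print(shadowed([CATCH_ALL, UK_ANY]))
```
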

Thank you for your input, I have corrected Outgoing Policy but it is still not triggered, 192.168.6.0/24 clients are not routed to VPN: SpeedFusion as expected?


It’s a bug.
Use a priority rule instead but just put the Grapevine VPN 2 tunnel in as the only active connection and don’t allow fail to next rule.

Martin, Thanks for your assistance, that fixed it.
Will it be fixed at some point?

Hmm… This is strange…

I tried to replicate this with our lab device running fw 8.4.1GA.

From what I saw in the Active Sessions table, all traffic from the VLAN 6 client was sent out via the SF tunnel (name = "Test-Forum").

Are you running the latest firmware version (8.4.1)? Or, you may submit a ticket for our team to take a closer look.

Yes, we have SDX 8.4.1.
I am now not able to reproduce this!


Test UK IP is now working as expected using Enforced with Priority not enabled.

I have been trying for a week to get this to work.

Maybe MartinLangmaid can shed some light?

Like you, it's an intermittent bug I have been chasing for far too long. Every time I think I understand it I can’t reproduce it.

A theory is that when the enforced rule doesn’t work, changing it to a priority rule overwrites or recreates the lookup tables specifically for that target identifier. I need to spend more time playing with it.
