We have a network of a dozen Balance 380s, and we are running into a new situation for us.
All of our branches connect back to HQ over SpeedFusion, and then we have a kind of “second HQ” in another province. Those two locations are connected together over an IPsec VPN between our Sophos UTM routers that are at each site.
We are getting a hosted server that we can communicate with through a router put on site at the two HQs by our server provider, and we have set up static routes on each UTM to reach that network.
Everything is good so far: HQ 1 and all branches can reach the hosted server through the server provider’s router on site at HQ 1. HQ 2 can access the hosted server through the server provider’s router on site at HQ 2.
What we will be doing is putting a Balance 380 on site at HQ 2 and creating a SpeedFusion tunnel to it from each of the branches. We currently have outbound rules in place to push all traffic through to HQ 1; we will add the SpeedFusion tunnel to HQ 2 as a backup. If the internet goes down at HQ 1, the branches keep going through HQ 2.
My question is, once we establish that second SpeedFusion tunnel to HQ 2, it is also going to advertise routes to the hosted server networks over the tunnel, causing two routes to the same destination at the branches. I can’t find a way to set metrics on static routes. I am hoping, and would like to confirm, that the routes “won’t matter” because it is handled by Outbound Rules - is that correct?