08-16-2024 12:50 PM - last edited on 08-16-2024 04:19 PM by shule
I have an FMC managing two 2120 devices. They are connected to our SD-WAN circuit. We recently purchased a standalone internet circuit. I am trying to see if the visitor traffic on the network can be routed through the firewall and out the standalone circuit and not go through the SD-WAN. I have created a sub-interface and assigned one of the interfaces to it. The traffic from the network comes to the core, and a NAT is created to route it out to the standalone circuit. Does the interface need a static IP to route the traffic out, or can the interface do a layer 2 passthrough to let it out?
Solved! Go to Solution.
08-17-2024 12:50 AM
You can do policy routing:
https://integratingit.wordpress.com/2021/04/18/ftd-policy-based-routing/
so that only the visitor subnet will be policy routed to the new circuit. See the example.
7.3 and 7.4 have added more SD-WAN type capabilities for better control etc., but plain and simple policy routing will work if you are on older versions.
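As an added illustration (not from this thread or the linked post), this is the ASA-style configuration that an FMC policy-based-routing rule for the scenario amounts to on FTD; on FTD it is built in the FMC GUI and pushed by a deploy rather than typed. The visitor subnet, the ISP addresses and the interface names are assumed values.

```text
! Added illustration, not from the thread. All addresses and interface names are assumed.
! Visitor subnet (assumed): 198.51.100.0/24, enters the FTD on the inside interface.
! Standalone ISP (assumed): Ethernet1/3 with 203.0.113.2/30, ISP gateway 203.0.113.1.

! 1. Match only the visitor subnet. Everything else keeps following the
!    existing default route toward the SD-WAN edge.
access-list PBR_VISITOR extended permit ip 198.51.100.0 255.255.255.0 any

! 2. Route-map: traffic matched by the ACL is handed to the ISP gateway.
route-map PBR_VISITOR_TO_ISP permit 10
 match ip address PBR_VISITOR
 set ip next-hop 203.0.113.1

! 3. PBR is applied on the INGRESS interface (the one facing the core),
!    not on the new ISP-facing interface.
interface Ethernet1/2
 nameif inside
 policy-route route-map PBR_VISITOR_TO_ISP

! 4. The ISP-facing interface needs a routed (layer-3) address in the
!    gateway's subnet so "set ip next-hop" can resolve; there is no
!    layer-2 passthrough for routed traffic.
interface Ethernet1/3
 nameif isp2
 ip address 203.0.113.2 255.255.255.252

! 5. Source-NAT the visitor subnet behind the isp2 interface address so
!    return traffic comes back to the FTD and not to the SD-WAN path.
object network VISITOR_NET
 subnet 198.51.100.0 255.255.255.0
nat (inside,isp2) source dynamic VISITOR_NET interface

! Checks after deploy (FTD CLI):
! show policy-route              -> route-map bound to "inside"
! show access-list PBR_VISITOR   -> hit counts increase for visitor flows
```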
08-17-2024 02:16 AM
To answer, we need more info.
You config the FW with SD-WAN. Usually SD-WAN uses an IGP with the device connected to the service VPN, but here you use a default route in the FW to forward traffic to the SD-WAN vEdge router?
That, I think, is why you ask: to forward traffic to the internet you need an additional default route, and this makes two default routes in the FTD, which does not work.
What you need is to use an IGP between the FTD and the SD-WAN to learn the prefixes of all other SD-WAN branches, then config a default route in the FTD toward the internet ISP.
It is an SD-WAN issue more than a FW issue.
MHM
08-18-2024 02:11 AM
Please don't get confused with confusing statements.
If I understand, SD-WAN is done by an ISP router or another router/firewall that is in front of your firewall. So essentially your firewall has a default route to this SD-WAN router/firewall, and that provides the load balancing/sharing for the existing internet circuits? Right?
And you are getting another internet circuit?
If this is all true, then please follow my instructions earlier with policy routing and that should just work fine.
08-18-2024 02:51 AM - edited 08-18-2024 02:54 AM
Please review:
How do the other SD-WAN sites know there is an internet ISP connected to the FW and that they need to forward traffic to the FW??
PBR in the FTD makes the other SD-WAN edge routers know to send traffic to the FW to access the internet!!!!!
PBR only works if all visitor subnets are directly connected to the FW.
Please answer this.
MHM