03-08-2021 10:27 AM
Hello,
I currently have a PTP going from my satellite office to my main office. All traffic goes through this connection. I have a new connection coming in, on which I would like to route internet traffic out separately. Currently, traffic all goes out a layer 3 switch. Could I send traffic to this new circuit as well, so that just 80, 443 go out for HTTP traffic and the rest goes to MPLS, or will I need a firewall for this? Trying to split the two lines of traffic so more room for MPLS.
03-08-2021 10:30 AM
Hello @JohnWeck16314 ,
Splitting traffic using PBR (policy-based routing) is possible on a switch with the appropriate license and SDM template.
However, access to the internet requires NAT, so you will need a router.
Hope to help
Giuseppe
03-08-2021 10:53 AM
At this time I only have a firewall. What would my options be for this?
03-08-2021 11:01 AM
Hello,
What is the brand/model of the firewall? Are both connections coming in through this same firewall?
03-08-2021 11:05 AM
Hello,
The firewall we have on hand is a SonicWall. We still want to route MPLS traffic back to the main office (using PTP), but use the other circuit for 80, 443. Appreciate the comments.
03-08-2021 11:49 AM
Hello @JohnWeck16314 ,
As also noted by BB, the switch can use PBR to send traffic with destination TCP port 80 or 443 to the firewall "inside"; the firewall will do NAT and will use the new internet handoff connected to its "outside" or WAN interface.
Look for PAT; it is the correct tool for your FW.
At a high level you should be able to achieve what you want.
The firewall will need static routes for the internal subnets with next-hop the switch.
Hope to help
Giuseppe
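
The switch side of the design described in the reply above, sketched as Cisco IOS configuration. This is an added example, not part of the original thread: the subnet, VLAN number, ACL and route-map names and the firewall address are all constructed, and whether PBR is available depends on the switch model, license and SDM template.

```cisco
! Added example: every address, VLAN number and name here is constructed.
! Assumed: satellite LAN 10.20.0.0/24 on Vlan20; the firewall "inside"
! interface is 10.20.254.2 on a transit VLAN directly attached to the switch.

! 1. Classify outbound web traffic from the satellite LAN.
!    "any" also matches internal web servers reached over the PTP link,
!    so narrow the destination if such servers exist at the main office.
ip access-list extended WEB-OUT
 permit tcp 10.20.0.0 0.0.0.255 any eq 80
 permit tcp 10.20.0.0 0.0.0.255 any eq 443
!
! 2. Send matching packets to the firewall instead of the routed path.
route-map WEB-TO-FW permit 10
 match ip address WEB-OUT
 set ip next-hop 10.20.254.2
!
! 3. Apply the policy where user traffic enters the switch.
!    PBR acts on ingress, so it goes on the user-facing L3 interface.
interface Vlan20
 ip policy route-map WEB-TO-FW
!
! 4. Traffic that does not match WEB-OUT is not policy-routed and keeps
!    following the routing table toward the PTP link and the main office.
!
! Firewall side (configured on the firewall itself, not shown here):
!   - static route for 10.20.0.0/24 with the switch as next hop
!   - PAT on the WAN interface facing the new circuit
!
! Verify with:
!   show route-map WEB-TO-FW    (match counters should increase)
!   show ip policy              (confirms the interface binding)
```

Only TCP 80 and 443 are steered, so DNS and every other protocol still leave over the PTP link; on the firewall, limiting the outbound rule for this subnet to the same two ports keeps the new circuit from becoming a general-purpose exit.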
03-08-2021 12:51 PM
Hello,
The SonicWall supports policy-based routing.
Provide a diagram of your topology so we can see how your devices are connected (e.g. is the SonicWall the edge device for BOTH connections)?
03-08-2021 12:20 PM
If we had a better understanding of the topology of the current network and of the plans for MPLS we could give better advice. In the original post we are told that "Currently, traffic all goes out a layer 3 switch." and later we are told "At this time I only have a firewall." So currently the traffic exits the remote office from the firewall and not the L3 switch? Where will the MPLS connection be? On the L3 switch or on the firewall? It is not clear whether the processing to split the traffic would be on the L3 switch or on the firewall. If on the L3 switch then depending on the switch model and licensing (and perhaps version of code) it should be possible to use PBR, as suggested in previous posts. If processing is on the firewall then we need to know more about the capabilities of the firewall.
03-08-2021 10:40 AM
with the PBR you can do traffic steering,