I'm trying to figure out how to manipulate all traffic from Branch1 and Branch2 in order to mandatorily pass through IPS device even for communication with each other. The IPS device knows all network

To abbreviate today there is EIGRP running among CORE, Branch1 and Branch2 devices. There is a default route towards to this Firewall where the IPS feature is enabled and internet link connected.

There is also a route-map on both interfaces at CORE device, connected to Branch Offices matching the GUEST Network which goes to another Proxy/Internet_Link. So I can't use a Route-map eather.

I can enable OSPF on Firewall where IPS feature is enabled. I can also install a brand new Router and redistribute EIGRP routes into OSPF.


Do you guys have any suggestions to equate the issue?


Follow sample of configuration:


!

ip route 0.0.0.0 0.0.0.0 10.1.0.100   >>>> THIS IS THE ROUTE POINTING TO FIREWALL - INTERNET

!
interface fast0/0
description ## TO_Branch1 ##
ip address 172.16.51.1 255.255.255.252
ip policy route-map GUEST_MOBILE
end


!
interface fast0/0
description ## TO_Branch2 ##
ip address 172.16.52.1 255.255.255.252
ip policy route-map GUEST_MOBILE
end

route-map GUEST_MOBILE permit 20
match ip address 72
set ip next-hop 192.168.172.20     >>>>> THIS IS THE PROXY SERVER FOR GUEST_NETWORK