routing VLAN via second WAN

hebein

Hello,
I would like some of my VLAN (not all) via my second WAN (to keep my networks physically separated).
How can I configure this in VLAN settings?

Regards,
Gutnher

JeGr

You don't configure that in your VLAN settings. Just add an Alias, where you put the IPs or the subnet/range you want to route via WAN2 from your VLAN and create a firewall rule on that VLAN e.g. LAN2 (or however it es called) atop of others that permit access to any (e.g. Internet) but in this rule click on the "advanced" button at the bottom and select your WAN2 gateway there.

Just as an example I created this on a Test VM. LAN is 172.22.222.0/24 and I "cut out" 172.22.222.64/26 (64 IPs) that will get routed via Gateway GW_WAN2 instead of GW_WAN (e.g. default ).
It has to be atop the more generic rule below so it get's matched. Also watch out if you have multiple other VLANs you want to still access, then you'd need another rule on top that allows internal traffic to private IPs or those VLANs with Gateway "" - otherwise your internal traffic gets pushed out WAN2, too and dismissed at upstream.

Rico

Normally you'd Policy Route on Layer 3 (IP), not VLAN.

EDIT: Too slow for JeGr.

-Rico

hebein

Thank you!