Static routes and gateway groups
-
Hi,
I setted up several gateway groups to let clients to access to other networks using the MultiWAN capabilities (a MPLS connection and an OpenVPN on WAN connection).
Clients works good, but I'm still having problems on connections generated from the firewall itself as they relies on the static routes which I cannot set a gateway group on.How I can solve this problem?
How I can use a gateway group for static routes?Thank you very much!
Bye -
As far as I know you can't because none of the PF tricks that are used for policy routing and gateway groups work on traffic initiated by the firewall itself.
-
@kpa:
As far as I know you can't because none of the PF tricks that are used for policy routing and gateway groups work on traffic initiated by the firewall itself.
So I cannot have failover on the firewall itself?
This is a problem for the domain ovverides rules on the DNS forwarder, for example.
I cannot think that I need to manually switch the static routes whenever the primary gateway goes down.
There should be a way to manage this! What if I have tons of routes? -
In that case I would not use the built-in DNS forwarder. I would put a DNS server on LAN and use that so it could be properly policy routed.
