Setup failover WAN, now some ipsec-destined traffic bypasses ipsec vpns?
I setup the gateway group with both my gateways, one tier1 and one tier2.
I modified the fw rule on the LAN network to allow LAN traffic and added the gateway group as the gateway under advanced per the instructions I followed but then the traffic to one of the VPNs going to 10.254.254.10/32 started going out the WAN (tier1) gateway instead of following the ipsec vpn which has that IP scoped.
I removed the gateway group under advanced and its working normally again.
How do I get this working with WAN failover and the ipsec at the same time? did I do something wrong?
When you add multi-wan, you add policy routing. You need to bypass policy routing for local destinations including remote VPN endpoints. Policy routing bypasses the firewall's routing table, including IPsec traffic selectors.