Policy based routing and static routes
-
I have an SG-1537 set up with multiple WAN links, using policy based routing to do failover, and I've just added a remote site via WireGuard tunnel. I've found that with the WAN gateway group there's no easy way to send traffic down non-WAN routes; even a specific policy based route pointing to that network at the top of the firewall list does not change the traffic patterns.
I'd put the link as a member of the gateway groups, but there's 0 sense to pushing traffic down a tunnel over one of the WAN links, especially in a failover scenario...
Is my only option to remove the gateway groups and policy based routing?
-
Just for further clarification, the only place this policy routing is interfering is the LAN network, connecting via OpenVPN means you use system routes, and as there is no policy routing on the remote network, it doesn't impact that side either.
Is there some way to tell pfSense to use the specific static route, or will policy routing ALWAYS override any other routes?
-
@bossaops
It's not clear what you really did here with policy routing. But yes, if traffic matches the rule conditions, the rule is applied and hence the packets are directed to the stated gateway.
-
@viragomann I have 2 WAN links, in a gateway group, I use that group in a firewall rule to provide failover. What I've found is that even OTHER policy based routing rules in the firewall which match better in both scope, and are higher on the list do not preempt the WAN policy route.
My question is, "am I mistaken, is there some way to preempt a policy based route besides removing it?"
More than happy to map it out if you'd like..