Netgate Discussion Forum

Rule based routing

Routing and Multi WAN
  • B
    Boost
    last edited by Sep 29, 2009, 4:05 PM

    Hello

    I want to do rule based routing (i.e. coming from network Sales->to->Operations go through Fortigate, Sysop->to->Operations go through CiscoASA). How can this be done?
    (see attached picture for simplified network layout)

    We have bridged two networks here and our pfSense box is now the primary firewall. Our production servers are at another location and as it happens we now have two routes to the same network.

    We have a VPN to the data center where the firewall on the other end allows pretty much everything. We can access all our different networks on that side from here. We now also have a dedicated line (probably some ATM or something) from our ISP to one of the networks up there. This dedicated line has nice low latency but can only access one of the networks up there.

    Only our sales people need to access Citrix on Operations via the dedicated line. The rest (the sysops etc) can make do with the CiscoASA VPN.

    Again, how can this be done?
    None of the interfaces to Operations are a WAN interface.

    Thanks in advance.

    / Fredrik
    [Attachment: DualLink.png]

    • B
      blak111
      last edited by Sep 30, 2009, 8:06 AM

      Just use the firewall rules on the interfaces facing sysops and sales. Change the gateway from default to whichever interface the traffic should go out on. If the interface isn't available in the gateway drop-down, the gateway needs to be set on that interface.
      Using this method, you can use policy based routing based on destination IPs, source IPs, source ports, dest ports, etc.

      • B
        Boost
        last edited by Sep 30, 2009, 5:49 PM

        Fortigate: 10.10.1.50
        CiscoASA: 10.10.2.50
        Sales: 10.10.3.0/24
        Sysop: 10.10.4.0/24
        Internet: 16.17.18.19
        Operations: 192.168.10.0/24

        1. Do you mean that on the interface facing Fortigate I should set the Fortigate as gateway, on the interface facing CiscoASA set the Cisco as gw, on a rule on Sales stating Destination: Operations Network, gw=10.10.1.50, and on Sysop stating Destination: Operations Network, gw=10.10.2.50?

        2. Is WAN gw always default gw for all networks until you specify something else with a rule?

        • B
          blak111
          last edited by Sep 30, 2009, 11:07 PM

          Yep, and you can also use failover groups if you want the traffic to go over the other link if one fails.

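The rule lookup discussed in this thread, as a small model added here as an example (it is not code from either poster or from pfSense). It can be used to check which firewall each source network's traffic to Operations would traverse. The interface names `SALES` and `SYSOP`, the failover ordering on the Sales rule, the `wan-default-gw` placeholder and the handling of an all-down gateway group are assumptions of the model; the addresses are the ones posted above.

```python
import ipaddress

# Addresses as posted in the thread; everything else is a constructed model.
FORTIGATE, CISCO_ASA = "10.10.1.50", "10.10.2.50"
WAN_DEFAULT = "wan-default-gw"   # placeholder: the thread gives no WAN gateway address
OPERATIONS = ipaddress.ip_network("192.168.10.0/24")

# Per-interface rule lists, evaluated top-down; the first matching rule wins.
# "gateways" is an ordered failover group: the first gateway that is up is used.
# gateways=None means the rule keeps the "default" gateway setting.
RULES = {
    "SALES": [
        {"src": "10.10.3.0/24", "dst": OPERATIONS, "gateways": [FORTIGATE, CISCO_ASA]},
        {"src": "10.10.3.0/24", "dst": None, "gateways": None},
    ],
    "SYSOP": [
        {"src": "10.10.4.0/24", "dst": OPERATIONS, "gateways": [CISCO_ASA]},
        {"src": "10.10.4.0/24", "dst": None, "gateways": None},
    ],
}

def next_hop(iface, src, dst, down=frozenset()):
    """Return the gateway chosen for a packet entering `iface`, or None if no path."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in RULES.get(iface, []):
        if src_ip not in ipaddress.ip_network(rule["src"]):
            continue
        if rule["dst"] is not None and dst_ip not in rule["dst"]:
            continue
        if rule["gateways"] is None:
            return WAN_DEFAULT       # no gateway on the rule: default route is used
        for gw in rule["gateways"]:
            if gw not in down:
                return gw
        return None                  # model choice: whole group down means no usable path
    return None                      # no rule matched on this interface: traffic is not passed

if __name__ == "__main__":
    for args in [("SALES", "10.10.3.20", "192.168.10.5"),
                 ("SYSOP", "10.10.4.7", "192.168.10.5"),
                 ("SALES", "10.10.3.20", "8.8.8.8")]:
        print(args, "->", next_hop(*args))
```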
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.