Routing Question on the LAN Side

    Hi,

    I am trying to do some Policy Based Routing. Here is my typical environment:

    WAN1 \                         /WAN2

    PFSENSE01 - PFSENSE02

    DMZ1           Local Lan                DMZ2
    172.18.0.0    172.20.0.0               172.19.0.0
                     Untangle .2.1
                     Core Switch .1.1

    Local Network 10.0.0.0

    OK, so in brief I am trying to create specific rules:
    1 - Browsing, web, or any 0.0.0.0 address traffic goes to the Untangle server and then out to either WAN1 or WAN2 (working fine).
    2 - I have rules on my internal router to specify the route 172.18.0.0 -> 172.20.0.254 (PF VIP).
    3 - 172.19.0.0 -> 172.0.254

    So, to be clear, all traffic going to the DMZ (either 1 or 2; 1 being the DMZ for WAN1 and 2 the DMZ for WAN2) is routed directly from the switch to the pfSense server (NOT going through the Untangle box, as I do not want this traffic to be monitored).

    4 - I have a static rule on pfSense that routes all 10.0.0.0 back to the Untangle interface (172.20.2.1).
    5 - Here is where the fun begins! I would like to do this: when the SOURCE is 172.19.0.0 and the destination is 10.0.0.0, use GW 172.20.1.1 (core switch, NOT UNTANGLE).
    6 - Same for DMZ2: when the source is 172.18.0.0 and the destination is 10.0.0.0, use GW 172.20.1.1 (and NOT 172.20.2.1, Untangle).

    It's so easy to show graphically but a little hard to put into words.

    I looked at all the available options for policy-based routing, but I can't select that alternate gateway since it's on the LAN interface and there is no gateway on that interface.

    Again, to summarize:

    All traffic going to and from the DMZ must use the core switch gateway, 172.20.1.1.

    All traffic going anywhere else (Internet) must go back to the Untangle server.

    Untangle is in routing mode; it doesn't do NAT for now. One side is in 10.0.0.0 and the other in the LAN zone, 172.20.2.1.
    The core switch is doing the same: routing, no NAT. One side is in 10.0.0.0 and the other in the LAN zone, 172.20.1.1.

    I just don't want the traffic going to the DMZ from my server to go through the Untangle server, which does session monitoring and all kinds of checks.


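As an added illustration (not part of the post above), here is what the rules the poster describes look like once expressed in pf's own syntax, which is what pfSense generates behind its firewall-rule GUI: a rule's "Gateway" setting becomes a pf `route-to` option. In pfSense a gateway object can be defined on the LAN interface (System > Routing > Gateways, interface LAN, gateway address 172.20.1.1) as long as the address lies in that interface's subnet; once it exists it can be selected from rules on any other interface. The addresses below are the ones in the post; the interface names (em1/em2/em3), the /16 and /8 netmasks and the macro names are assumptions made for the example.

```pf
# Added example, not the poster's configuration. Assumed interfaces:
#   em1 = LAN  (172.20.0.0/16)   em2 = DMZ1 (172.18.0.0/16)   em3 = DMZ2 (172.19.0.0/16)
# Both next hops live on the LAN segment, so both gateway macros name em1;
# the gateway address decides which box receives the packet.
GWUntangle = "route-to ( em1 172.20.2.1 )"
GWCoreSw   = "route-to ( em1 172.20.1.1 )"

# Rules 5 and 6 from the post: DMZ -> 10.0.0.0 is handed to the core switch,
# overriding the static route for 10.0.0.0 that points at Untangle.
# "quick" makes the first match final, so these must sit above the catch-alls.
pass in quick on em2 $GWCoreSw inet from 172.18.0.0/16 to 10.0.0.0/8 keep state
pass in quick on em3 $GWCoreSw inet from 172.19.0.0/16 to 10.0.0.0/8 keep state

# Everything else from the DMZs carries no route-to and therefore follows the
# system routing table: the static route for 10.0.0.0 via Untangle (rule 4)
# and the default route(s) out WAN1/WAN2 for Internet-bound traffic.
pass in quick on em2 inet from 172.18.0.0/16 to any keep state
pass in quick on em3 inet from 172.19.0.0/16 to any keep state

# Traffic arriving on LAN from the 10.0.0.0 side can be forced back through
# Untangle for Internet-bound flows (rule 1); DMZ-bound replies match the
# more specific rules first and stay on the core switch path.
pass in quick on em1 inet from 10.0.0.0/8 to 172.18.0.0/16 keep state
pass in quick on em1 inet from 10.0.0.0/8 to 172.19.0.0/16 keep state
pass in quick on em1 $GWUntangle inet from 10.0.0.0/8 to any keep state
```

Two checks worth making after applying something like this: `pfctl -sr` should show the `route-to` clauses on the two DMZ rules, and the return path must stay symmetric. Because pf keeps state, replies from the 10.0.0.0 hosts need to reach pfSense through the same box they left by; the routes in steps 2 and 3 of the post (172.18.0.0 and 172.19.0.0 via the pfSense VIP 172.20.0.254 on the core switch) are what keep that true, so if a reply ever came back via Untangle instead, pfSense would drop it as out-of-state rather than forward it.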