Gateway Groups, Routes vs. Rules - What to Use?



  • I have set up a gateway group that consists of 2 (commercial provider) VPN addresses.  If tier 1 drops, traffic will start going through tier 2.  I also route some traffic through tier 2 so I can access content that's location-restricted.  This works fine.

    Prior to setting up this gateway group, I had just one VPN gateway.  I have some traffic I don't want going through the VPN, so I set up some static routes in System - Routing - Routes to those addresses.  This worked fine.

    After setting up my gateway group, the static routes no longer worked.  I have set up rules under Firewall - Rules - LAN and set them to the desired gateway.  This works fine.  I've verified stuff is going where I want with Packet Capture.  I can also get my location-restricted content.

    My question is, when should routes be used instead of rules, and vice versa?  Also, why did the gateway group break the static routes?