I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the static default route entered on initial configuration of satellite will still remain the active route in forwarding table. And if we change metric on static default route (to more than 100) I guess the satellite will lose connectivity with GW gateway over outside interface?
Anyone played with this scenario of routing all traffic from satellites? I guess I could add 2nd virtual router on satellites but seems overkill just for this.
@santonic Do you really need static default routes on the firewall? Teh filrewall will only need to know the address of the IPs of the Portal and the Gateways, so maybe you can configure these with static roues.
Another option is to use PBF for forc all client traffic over the tunnel, which keeping your default static route on the firewall.
Yeah, only specific static routes (to, GW, Portal, maybe updates...) would work if the customer doesn't want backup default route over internet in case there are issues with VPN.
And yeah, PBF is another way to go. Tho I think i would prefer the solution with 2 VRs.
Thanx for your feedback.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!