A Route Policy Example

The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface needs to be setup on the X3 interface and configured with the settings from your ISP.

1
In the Network > Routing page, click the Add button for the Route Policies table. The Add Route Policy dialog displays.
2
Create a routing policy that directs all LAN Subnet sources to Any destinations for HTTP service out of the X1 Default Gateway via the X1 interface by selecting these settings from the Source, Destination, Service, Gateway and Interface drop-down menus respectively. Use the default 1 in the Metric field and enter force http out primary into the Comment field.

3
Click OK.
4
Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the Default Gateway via the X0 interface by selecting these settings from the Source, Destination, Service, Gateway and Interface drop-down menus respectively. Use the default 1 in the Metric field and enter force telnet out backup into the Comment field.

* 
NOTE: Do not enable the Allow VPN path to take precedence option for these routing policies. The Allow VPN path to take precedence option gives precedence over the route to VPN traffic to the same destination address object. This option is used for configuring static routes as backups to VPN tunnels. See Static Route Configuration for more information.
5
Click OK.
6
Next, navigate to the Network > Failover & LB page.

7
Configure the security appliance for load balancing by checking the Enable Load Balancing check box.
8
Click Accept to save your changes on the Network > Failover & LB page.

These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and forces all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.

To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web site http://www.whatismyip.com. The site displays the primary WAN interface’s IP address and not the secondary WAN interface.

To test the Telnet policy-based route, telnet to route-server.exodus.net and when logged in, issue the who command. It displays the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.