HTTP prioritization over SD-WAN
Dear WatchGuard Community,
I am struggling with a confusing problem:
We are using four ports of our Firebox T35.
- eth0: external ISP (A) with a static IP (PPPoE)
- eth1: Our Trusted Network (10.0.1.1/24)
- eth2: external ISP (B) with a static IP
- eth4: Local static IP (Gateway: 192.168.1.1, 192.168.1.10/24). This interface is also connected to the second interface (of the modem) of A, to configure the modem over the web interface.
We have configured Multi-WAN (Failover, eth2: primary, eth0: secondary) with one SD-WAN (eth0).
FTP-proxy and HTTPS-proxy policies are running with SD-WAN and it works perfectly fine. All HTTPS and FTP traffic is routed through A; everything else (like UDP packets) is routed through B.
We have several managed switches in our local (eth1) network and the web interface of the modem of A (eth4). All are accessible over HTTP (web interface). So far so good.
We would also like to route all HTTP traffic over eth0. As soon as we turn on SD-WAN on the firewall policy 'HTTP-proxy', all HTTP traffic is routed through eth0, but we no longer have access to the web interface of the modem (192.168.1.1). Ping is working fine on 192.168.1.1. The access to the switches on the trusted network (eth1) is not disturbed (we still have access).
The access to 192.168.1.1 'comes back' after turning off SD-WAN on HTTP-proxy.
I think with default HTTP-proxy settings, the Firebox processes HTTP requests in the following order:
- External Interface, but local IP (192.168.1.1)
- Primary External Interface (eth2)
- Secondary External Interface (eth0)
After activating SD-WAN, it seems like the Firebox is processing HTTP requests in this order:
- Primary External Interface of SD-WAN (eth0)
Is there a way to make the Firebox act like in the first case, although SD-WAN is active, without adding the 'External Interface with local IP (192.168.1.1)' to the SD-WAN policy?