Removing External Interface
We had two internet circuits. One for primary, one for backup / failover. We're removing our second internet circuit. I've found that if I simply remove the physical connection, traffic from trusted interfaces can't exit the primary external interface. There are a lot of historical firewall policies.
Is it possible to add a new policy at the top of the processing list that just sends all trusted interface traffic for any port type out of a specific external interface?
Comments
Are you utilizing SD-WAN for the primary and backup interfaces?
How do you presently fail over when the primary interface goes down?
If you are using SD-WAN and disconnect the backup interface, all traffic should still use the primary interface if you have the policies and SD-WAN configured to do so.
Placing an any-any policy at the top of the list to bypass all other policies sorta defeats the purpose of the firewall and is inherently insecure.
It's usually something simple.
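As an added illustration of the point made in this comment (example code, not from the original thread or from any firewall vendor): a hypothetical first-match policy model showing how an "Any" rule placed at the top shadows every rule beneath it for that traffic, together with a check that lists the shadowed rules. Zone names, rule names and ports are constructed.

```python
from dataclasses import dataclass

ANY = "any"  # wildcard for a zone or for the port set

@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source zone, e.g. "trusted", or ANY
    dst: str              # destination interface, e.g. "external-1", or ANY
    ports: frozenset      # TCP/UDP ports; empty set means any port
    action: str           # "allow" or "deny"

def _zone_match(rule_value: str, value: str) -> bool:
    return rule_value == ANY or rule_value == value

def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (_zone_match(rule.src, src) and _zone_match(rule.dst, dst)
            and (not rule.ports or port in rule.ports))

def evaluate(rules, src, dst, port):
    """First-match evaluation: returns (rule name, action); unmatched -> implicit deny."""
    for r in rules:
        if matches(r, src, dst, port):
            return r.name, r.action
    return "implicit", "deny"

def _covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet that matches `inner` also matches `outer`."""
    zones_ok = all(o == ANY or o == i
                   for o, i in ((outer.src, inner.src), (outer.dst, inner.dst)))
    ports_ok = not outer.ports or (inner.ports and inner.ports <= outer.ports)
    return zones_ok and ports_ok

def find_shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(_covers(earlier, r) for earlier in rules[:i])]

# Constructed policy list: the catch-all "Any" rule from the question sits on top.
ANY_ON_TOP = [
    Rule("trusted-out-sdwan", "trusted", "external-1", frozenset(), "allow"),
    Rule("block-smtp", "trusted", "external-1", frozenset({25}), "deny"),
    Rule("allow-ftp", "trusted", "external-1", frozenset({21}), "allow"),
    Rule("guest-web", "guest", "external-1", frozenset({80, 443}), "allow"),
]
# Same rules with the deny placed above the catch-all, so it is evaluated first.
DENY_FIRST = [ANY_ON_TOP[1], ANY_ON_TOP[0], ANY_ON_TOP[2], ANY_ON_TOP[3]]

if __name__ == "__main__":
    print(evaluate(ANY_ON_TOP, "trusted", "external-1", 25))   # catch-all wins, SMTP block bypassed
    print(find_shadowed(ANY_ON_TOP))                            # rules that can never fire
    print(evaluate(DENY_FIRST, "trusted", "external-1", 25))   # deny now takes effect
```

Running find_shadowed over the real policy list before reordering is the check that tells you which existing rules the new top rule would silently override.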
Yes - an Any packet filter, for example, with SD-WAN set on it to go out the desired WAN.