XTM5, Multi-WAN Routing and DNS
I'm on version 12.1.3. I operated my Firebox with only one ISP until now. I got a second line, so I tried to set up Multi-WAN with failover (primarily the new line "ISP2" should be used; only if that one fails should the old line "ISP1" take over).
However, I have this issue: some particular services (an Exchange server, for example) should always use ISP1. So for the SMTP_OUT policy I selected from the internal host's IP to the interface of ISP1. However, when ISP2 is set as primary under Network > Multi-WAN, even that particular internal host is using ISP2. What am I doing wrong here? I found the setting for policy-based routing as well, but I didn't understand how I can configure a failover setup by policies.
Another idea (correct me if that's a wrong approach): I would like to push DNS requests to the currently used ISP's DNS server. Can I set the Firebox's internal IP (the gateway address for the clients) as a local DNS server as well, to make the Firebox forward those requests to the appropriate public DNS? That step is required because the clients (or the Windows DNS server on the trusted network) can never know which ISP is currently in use.
Comments
You need to use Policy Based Routing (PBR) to force packets allowed by a specific policy out a specific WAN interface.
Note that starting in V12.3, PBR is replaced by SD-WAN.
Configure policy-based routing in Fireware v12.2.1 or lower
https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA22A0000001fopSAA&lang=en_US