Policy Based Routing over BOVPN - single port and single website

Apologies if this has been answered before. I did not find a result by searching.

I have a need to implement PBR over BOVPN between Fireboxes for a specific application. I need to send only the traffic for one website and only traffic on one single port to the external interface on the remote Firebox. Is this possible?

I was considering creating a BOVPN virtual interface and using PBR on 2 separate policies to route the traffic: an HTTPS proxy for the website policy and a standard policy for the specific port.

Any help or advice would be greatly appreciated.


  •

    AFAIK, PBR really does not apply to BOVPN traffic.

    Policies can control what packets can go over a BOVPN.

    Is the goal to go to the external interface IP addr of the remote firewall via a BOVPN?
    If so, then that IP addr would need to be included in the BOVPN settings - for a standard BOVPN - in the Tunnel settings.

  •
    edited August 2019

    It appears in the policy manager that you can enable PBR on a policy and then choose a BOVPN virtual interface to route that specific traffic over. I was wondering if it was feasible to have a couple of policies configured that way and whether there are any gotchas associated with it. Yesterday's CenturyLink outage is what I'm trying to create a possible workaround for, to route traffic to AWS, until I can get approval for a 2nd cellular-based external backup.

  •

    No idea about that.
    Consider opening a support incident to get WG help with this.

    FYI - PBR has been replaced by SD-WAN in recent releases
