Policy Based Routing over BOVPN - single port and single website
Apologies if this has been answered before. I did not find a result by searching.
I have a need to implement PBR over BOVPN between Fireboxes for a specific application. I need to send only the traffic for one website and only traffic on one single port to the external interface on the remote Firebox. Is this possible?
I was considering creating a BOVPN virtual interface and using PBR on 2 separate policies to route the traffic: an HTTPS proxy for the website policy and a standard policy for the specific port.
Any help or advice would be greatly appreciated.
Comments
AFAIK, PBR really does not apply to BOVPN traffic.
Policies can control what packets can go over a BOVPN.
Is the goal to go to the external interface IP addr of the remote firewall via a BOVPN?
If so, then that IP addr would need to be included in the BOVPN settings - for a standard BOVPN - in the Tunnel settings.
It appears in Policy Manager that you can enable PBR on a policy and then choose a BOVPN virtual interface to route that specific traffic over. I was wondering if it was feasible to have a couple of policies configured that way, and about any gotchas associated with it. Yesterday's CenturyLink outage affecting traffic to AWS is what I'm trying to create a possible workaround for, until I can get approval for a 2nd cellular-based external backup.
No idea about that.
Consider opening a support incident to get WG help with this.
FYI - PBR has been replaced by SD-WAN in recent releases