ALL FB traffic routing through new BOVPN
I have three BOVPN's to two remote offices and also Azure.
An MSP I'm working with requested a BOVPN to their security teams firewall instead of having to use a client VPN every time they need to connect.
So I created the Gateways, Tunnels, added the new BOVPN to my existing policies and saved to the firebox.
Now for some reason ALL my traffic (web, DNS, mail, etc.) routes out the newly created BOVPN tunnel. I have to load and save the previous configuration to get things working normally.
The BOVPN policies are almost at the bottom of the order in Policy Manager, so all that traffic should be processed first.
Only thing I can think of is that the MSP hasn't supplied the network information on their side of the tunnel, so I just chose the "Any IPv4" option while setting it up.
So is the FB routing all traffic through this BOVPN because of the "any" option, even though this is almost at the bottom of the list?
Insights anyone?
- Doug
It's usually something simple.
Comments
Choosing "Any IPv4" makes a zero route (0.0.0.0/0) which will force your traffic across the tunnel.
You need to know the networks you're connecting to before you can set this up.
-James Carson
WatchGuard Customer Support
Even if the BOVPN policy is at the bottom of the list?
So it takes priority over the other policies?
It's usually something simple.
I believe that it is the resulting routing that was set up for this BOVPN which is causing this, not the specific policy.
@shaazaminator A route and a policy are two different things.
A route defines where traffic is being sent to
A firewall rule defines if it is allowed or not.
By setting the 0.0.0.0/0 (any IPv4) route, you told the firewall to send all traffic across the VPN.
The default Allow-BOVPN rules would allow this. Even if it were denied, the route is still set and the firewall will still attempt to send traffic there.
-James Carson
WatchGuard Customer Support
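To make the route-versus-policy distinction above concrete, here is a small Python model added as an illustration (it is not WatchGuard code and does not reproduce Firebox internals). It performs longest-prefix-match routing over a constructed route table and first-match evaluation over a constructed policy list, then shows that a "0.0.0.0/0" tunnel route captures Internet-bound traffic even though the matching policy is the ordinary outbound rule near the top, while an actual remote prefix (the placeholder 192.0.2.0/24 is assumed) leaves that traffic on the default route. The metric tie-break, the network addresses and the policy names are assumptions.

```python
"""Toy model of routing vs. policy order (added example, not Firebox code)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    egress: str   # interface or tunnel name
    metric: int   # lower is preferred; only breaks prefix-length ties (assumption)


@dataclass
class Policy:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str   # "allow" or "deny"


LAN = ipaddress.ip_network("10.0.0.0/24")       # constructed: local office LAN
OFFICE_B = ipaddress.ip_network("10.1.0.0/24")  # constructed: existing remote office
ANY = ipaddress.ip_network("0.0.0.0/0")


def lookup_route(routes, dst):
    """Longest-prefix match: the most specific route wins; 0.0.0.0/0 matches everything."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r.prefix]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r.prefix.prefixlen, -r.metric))
    return best.egress


def first_matching_policy(policies, src, dst):
    """Policies are evaluated top to bottom; the first match decides allow/deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.src and d in p.dst:
            return p
    return None


def build_tables(msp_remote_network):
    """Build constructed route and policy tables for a given MSP remote network."""
    remote = ipaddress.ip_network(msp_remote_network)
    routes = [
        Route(OFFICE_B, "BOVPN-OfficeB", metric=1),
        Route(remote, "BOVPN-MSP", metric=1),   # the route the new tunnel adds
        Route(ANY, "External", metric=10),     # default route towards the ISP
    ]
    policies = [
        Policy("HTTP-out", LAN, ANY, "allow"),      # ordinary outbound rule, near the top
        Policy("Allow-BOVPN", LAN, ANY, "allow"),   # tunnel rule, near the bottom
    ]
    return routes, policies


def forward(msp_remote_network, src, dst):
    """Return (matched policy, action, egress) for one flow.

    The policy answers "is it allowed?"; the route answers "where does it go?".
    """
    routes, policies = build_tables(msp_remote_network)
    policy = first_matching_policy(policies, src, dst)
    action = policy.action if policy else "deny"
    egress = lookup_route(routes, dst)
    return (policy.name if policy else None, action, egress)


if __name__ == "__main__":
    for remote in ("0.0.0.0/0", "192.0.2.0/24"):
        print(f"MSP remote network set to {remote}:")
        for dst in ("8.8.8.8", "10.1.0.5", "192.0.2.10"):
            print("  ", dst, "->", forward(remote, "10.0.0.10", dst))
```

Running it shows the point of the thread: with the MSP network set to 0.0.0.0/0, a DNS query to 8.8.8.8 is allowed by the top "HTTP-out" policy yet leaves via BOVPN-MSP, because the policy never influenced the route lookup; with a real /24, the same flow uses the External interface and only the MSP's own prefix goes down the tunnel. Traffic for the existing office still follows its more specific /24 route in both cases.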
Good to know James,
Thank You.
It's usually something simple.