Configure forwarding all external traffic from network to specific wan interface

BorisSBorisS
in Firebox - Networking, Multi-Wan, VLAN, NAT, SD-WAN
Dear,
We have two wan interfaces and I am trying to configure all external traffic from specific network to go out to specific wan interface.
I have tried to configure dynamic nat and 1 to 1 Nat but it seems that it doesn’t work - the traffic is going out from the both interfaces.
I have multi wan configured with round robin method.

Comments

  • Bruce_BriggsBruce_Briggs

    You can use SD-WAN on outgoing policies, or for old versions, Policy Based Routing, to do this.

    About SD-WAN
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/sd-wan/sd_wan_routing_about.html

  • BorisSBorisS
    Thanks Bruce!
    So it is not possible with current configuration to do this Nat?
  • Bruce_BriggsBruce_Briggs

    Never was, really.

  • BorisSBorisS
    Thanks Bruce it is working as I wanted. Could be you so kind to suggest how to configure internal mail server to pass traffic external. Now I am using 1 by 1 NAT(even with multi wan set to round robin). Do you suggest to use sd-wan again?
  • Bruce_BriggsBruce_Briggs

    With SD-WAN, you always know what interface outgoing session packets will go out as long as that interface is considered up.
    Without SD-WAN, and with Round Robin, I would expect some outgoing SMTP from your server will go out each WAN interface, even with 1-to-1 NAT selected.

  • BorisSBorisS
    Ok Bruce. One last question, because the IP address which I use for mail server is secondary on the interface, how can this be configured in sd-wan? Does it take action then the 1 to 1 NAT?
  • Bruce_BriggsBruce_Briggs

    As I understand it, SD-WAN selects the interface to which packets should be routed, then NAT processing happens just prior to packets going out an interface.

  • BorisSBorisS
    Yes it seems to be like that. I have tested and it is ok.
    Thanks for your support.
Sign In to comment.