Hello out there,
I'm quite new to PBR and firewalls and so on, and I have worked through many articles on this site. It would be really nice if someone could please review my work, give me some hints and help me solve the last questions.
Policy Based Routing (example: ER PoE)

WAN side
ISP 1 – eth0 – IP unknown
ISP 2 – eth1 – IP unknown

LAN side
Switch – including eth2 + eth3 + eth4

LAN nets
VLAN 1, untagged, switch0 – 10.0.10.0/24 (Work)
VLAN 20, tagged, switch0.20 – 10.0.20.0/24 (Office)
VLAN 30, tagged, switch0.30 – 10.0.30.0/24 (Guest)
VLAN 40, tagged, switch0.40 – 10.0.40.0/24 (Video)

Circumstances
ISP 1: line based, uptime 99%
ISP 2: mobile solution, fallback only
In a fallback situation, VLAN 30 and VLAN 40 should not communicate with the outside world.

My solution (CLI)

// Routing tables, one per ISP (next-hops not yet known)
set protocols static table 1 route 0.0.0.0/0 next-hop ?
set protocols static table 2 route 0.0.0.0/0 next-hop ?

// Load-balance group: eth0 primary, eth1 only when eth0 fails
set load-balance group FAILOVER
set load-balance group FAILOVER interface eth0
set load-balance group FAILOVER interface eth1 failover-only

// Exclude private (RFC 1918) destinations from the load-balancer, send everything else to the group
set firewall modify WAN_FAILOVER rule 10 description 'Exclude private subnets'
set firewall modify WAN_FAILOVER rule 10 action accept
set firewall modify WAN_FAILOVER rule 10 destination address 10.0.0.0/8
set firewall modify WAN_FAILOVER rule 20 description 'Exclude private subnets'
set firewall modify WAN_FAILOVER rule 20 action accept
set firewall modify WAN_FAILOVER rule 20 destination address 172.16.0.0/12
set firewall modify WAN_FAILOVER rule 30 description 'Exclude private subnets'
set firewall modify WAN_FAILOVER rule 30 action accept
set firewall modify WAN_FAILOVER rule 30 destination address 192.168.0.0/16
set firewall modify WAN_FAILOVER rule 40 description 'All other traffic to the failover group'
set firewall modify WAN_FAILOVER rule 40 action modify
set firewall modify WAN_FAILOVER rule 40 modify lb-group FAILOVER
set interfaces switch switch0 firewall in modify WAN_FAILOVER

// Source-based routing per VLAN
set firewall modify SOURCE_ROUTE rule 10 description 'traffic from switch0.20 to ISP 1'
set firewall modify SOURCE_ROUTE rule 10 source address 10.0.20.0/24
set firewall modify SOURCE_ROUTE rule 10 modify table 1
set firewall modify SOURCE_ROUTE rule 20 description 'traffic from switch0.30 to ISP 1'
set firewall modify SOURCE_ROUTE rule 20 source address 10.0.30.0/24
set firewall modify SOURCE_ROUTE rule 20 modify table 1
set firewall modify SOURCE_ROUTE rule 30 description 'traffic from switch0.40 to ISP 1'
set firewall modify SOURCE_ROUTE rule 30 source address 10.0.40.0/24
set firewall modify SOURCE_ROUTE rule 30 modify table 1
set firewall modify SOURCE_ROUTE rule 40 description 'traffic from switch0.20 to ISP 2'
set firewall modify SOURCE_ROUTE rule 40 source address 10.0.20.0/24
set firewall modify SOURCE_ROUTE rule 40 modify table 2
set firewall modify SOURCE_ROUTE rule 50 description 'traffic from switch0.30 to ISP 2'
set firewall modify SOURCE_ROUTE rule 50 source address 10.0.30.0/24
set firewall modify SOURCE_ROUTE rule 50 modify table 2
set firewall modify SOURCE_ROUTE rule 60 description 'traffic from switch0.40 to ISP 2'
set firewall modify SOURCE_ROUTE rule 60 source address 10.0.40.0/24
set firewall modify SOURCE_ROUTE rule 60 modify table 2
set interfaces switch switch0 firewall in modify SOURCE_ROUTE
set interfaces switch switch0 vif 20 firewall in modify SOURCE_ROUTE
set interfaces switch switch0 vif 30 firewall in modify SOURCE_ROUTE
set interfaces switch switch0 vif 40 firewall in modify SOURCE_ROUTE

// Fallback route if one ISP is down
set protocols static route 0.0.0.0/0 next-hop ?
set protocols static route 0.0.0.0/0 next-hop ?

// LAN to LAN traffic (Office to Video and Work to Video)
set firewall group network-group LAN_NETS network 10.0.10.0/24
set firewall group network-group LAN_NETS network 10.0.20.0/24
set firewall group network-group LAN_NETS network 10.0.40.0/24

// Skip policy based routing (PBR) for LAN-to-LAN traffic
set firewall modify SOURCE_ROUTE rule 5 description 'LAN to LAN skip PBR'
set firewall modify SOURCE_ROUTE rule 5 destination group network-group LAN_NETS
set firewall modify SOURCE_ROUTE rule 5 modify table main
Thank you in advance,
Jan
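The requirement above, that the Guest (10.0.30.0/24) and Video (10.0.40.0/24) VLANs must stay offline while the router is on the mobile fallback, is not enforced by the posted PBR or load-balance configuration alone: those only choose the exit interface. One way to enforce it on EdgeOS is a filtering ruleset attached in the out direction of the fallback interface eth1, so that whatever the routing decision, packets from those two subnets are never forwarded through ISP 2. EdgeOS evaluates `firewall out` in the forwarding path before source NAT, so the rules still see the original LAN source addresses. This is an added example, not part of the original post; the group name NO_FALLBACK_NETS and the ruleset name WAN2_OUT are hypothetical names chosen for the example.

```text
# Added example, not from the original post. Names NO_FALLBACK_NETS and
# WAN2_OUT are assumptions chosen for this illustration.
configure

# Subnets that may never leave through the fallback ISP
set firewall group network-group NO_FALLBACK_NETS description 'LANs that must stay offline on ISP 2'
set firewall group network-group NO_FALLBACK_NETS network 10.0.30.0/24
set firewall group network-group NO_FALLBACK_NETS network 10.0.40.0/24

# Ruleset for traffic forwarded out of eth1 (ISP 2); everything else passes
set firewall name WAN2_OUT description 'Forwarded traffic leaving via ISP 2'
set firewall name WAN2_OUT default-action accept
set firewall name WAN2_OUT rule 10 description 'Guest and Video stay offline on fallback'
set firewall name WAN2_OUT rule 10 action drop
set firewall name WAN2_OUT rule 10 source group network-group NO_FALLBACK_NETS
set firewall name WAN2_OUT rule 10 log enable

# Attach it to the fallback interface only; eth0 is unaffected
set interfaces ethernet eth1 firewall out name WAN2_OUT

commit
save
exit

# Verification from operational mode while eth0 is down:
#   show firewall name WAN2_OUT statistics   (rule 10 counters should increase
#                                             when a Guest/Video host tries to reach the Internet)
#   show load-balance status                 (confirms eth1 is the active interface)
```

With `action drop` the hosts in VLAN 30 and 40 see connection timeouts rather than an immediate error; `action reject` makes the failure visible straight away, at the cost of sending ICMP unreachables back into the guest network. Because the filter is keyed on the egress interface and not on the state of the load-balance group, it also covers the case where a stale static default route points traffic at eth1 while eth0 is healthy.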