I have an XG 230 with an SDWAN box on eth4 and link to my switches on eth0, internet on eth1.
This gives me 2 ways to route public traffic inside my network - via sdwan box (eth4) or via the switches on eth0.
I would like to have all traffic from the internet going to Prod servers, e.g. 10.1.1.5, route via eth4 to the sdwan box.
For SSL VPN traffic going to 10.1.1.5, I want that to go via the switches on eth0.
I tried a few ways to do this with policy routes and static routing but couldn't get it to work how I need it; I end up with traffic going in and not coming back out.
It's mostly due to limitations on the sdwan side of that eth4 interface: it doesn't allow traffic back to the SSL VPN subnet on 192.168.1.0/24, as it considers it a public and untrusted network.
The SSL VPN traffic goes via the LAN interface and ends up at the XG via eth0.
Is there a way I can do:
Source 192.168.1.0 (VPN Subnet) > Destination 10.1.1.0/24 (prod) - use eth0
Source 0.0.0.0/0 > Destination 10.1.1.0/24 (prod) - use eth4