On 18.0.1 MR-1-Build396.
The new NAT setup does not work. On v17, picking the gateway you wanted worked great.
The gateway setup does not work. If the WAN gateway and VPN gateway have the same weight (as shown below), then the WAN stops working.If I change the weight of the internet WAN gateway to 2 or more, the internet works again.
The default NAT rule only has the internet WAN link in it and not the VPN WAN link in it. This works when the gateway weights are not equal.
This NAT rule for the guest network DOES NOT WORK.
The only way to get NAT to work with a second WAN link (as shown below) is to create a linked NAT rule and then override SNAT for ONE specific host.So how am I supposed to have a guest network with a separate WAN link?
Thanks for listening.
EDIT 1:yes, there is a corresponding firewall rule in case you are wondering.
Try to delete all your NAT rules. The default NAT rule on bot will pick up the traffic. Make sure, both WAN Gateways are selected there.
As counter intuitive as that seemed to be, it worked! Thank you…
Yeah definitely NOT a fan of v18 multi wan routing. This is insanely over complicated compared to v17 and for what? nothing but to try and fix the (still) broken SSL filtering? Ugh!
The reason is SD-WAN.
Basically if you have a bigger picture in mind, you want to build SD-WAN Policies like that. For example you have 3 VPN connections between different appliances. Your goal is to get the packet to the destination. You do not care, which Connection will be used and you do not care about the back channel connection. What i mean is, you can actually use asymmetric routing and XG has no problem with that.
DPI and SSL should not have any relation with PBR?