FortiGate
shahv
Staff
Article Id 189738
Description
This article explains how to avoid misrouting when each WAN interface that is a member of an SD-WAN has its own NAT IP pool, by associating each IP pool with its corresponding physical interface.

Solution
Create the two IP pool objects (one per WAN interface) at Policy & Objects -> IP Pools.

Add these two IP pools to the firewall policy that gives users access to the Internet via the SD-WAN:
- Go to Policy & Objects -> IPv4 Policy.
- Create or edit the corresponding policy and, in the Firewall/Network Options, enable the NAT option.
- In the IP Pool Configuration, select 'Use Dynamic IP Pool' and add the two IP pools created previously.




Via CLI only:
To associate each of the IP pools used in the firewall policy with its corresponding physical interface, open a CLI session and type:
config firewall ippool
    edit <IP_Pool_1>
        set associated-interface <portX>
    next
    edit <IP_Pool_2>
        set associated-interface <portY>
    next
end
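
To confirm the binding is in place, the following added example (not part of the original article or Fortinet tooling) scans a configuration backup and lists IP pools that a policy uses but that have no associated-interface. The pool names, port names, the "virtual-wan-link" destination interface and the single-VDOM layout of the sample are assumptions made for illustration.

```python
import shlex
# Constructed sample of a FortiGate backup, trimmed to the relevant settings.
SAMPLE_CONFIG = '''
config firewall ippool
    edit "Pool_WAN1"
        set associated-interface "port1"
    next
    edit "Pool_WAN2"
        set startip 203.0.113.10
    next
end
config firewall policy
    edit 1
        set dstintf "virtual-wan-link"
        set ippool enable
        set poolname "Pool_WAN1" "Pool_WAN2"
    next
end
'''

def parse_section(text, header):
    """Return {entry: {setting: [values]}} for one top-level config section."""
    entries, current, depth = {}, None, 0
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw) or [""]
        except ValueError:  # line inside a multi-line quoted value
            continue
        if depth == 0:
            depth = int(raw.strip() == header)
        elif tokens[0] == "config":  # nested sub-table, skipped
            depth += 1
        elif tokens[0] == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and tokens[0] == "edit":
            current = entries.setdefault(tokens[1], {})
        elif depth == 1 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = tokens[2:]
    return entries

def unbound_nat_pools(text):
    """(policy id, pool) pairs where a pool in use lacks associated-interface."""
    pools = parse_section(text, "config firewall ippool")
    policies = parse_section(text, "config firewall policy")
    return [(pid, name) for pid, p in policies.items() if p.get("ippool") == ["enable"]
            for name in p.get("poolname", [])
            if not pools.get(name, {}).get("associated-interface")]
```

On the constructed sample, unbound_nat_pools(SAMPLE_CONFIG) reports Pool_WAN2 under policy 1, the pool that still needs the 'set associated-interface' command shown above.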
