This is an architecture/design/capability question.
Design Requirements:
[ul]Approaches, Questions:
[ul]
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You might have attached an image, which seems to be broken.
My guess is only way to accomplish is to set up SD-WAN including two paths and tweak the rules. Once you configured a policy route, it won't disappear when the circuit goes down because it's a "policy" not a "route". So won't fail-over.
Sessions could override but the route still needs to be there toward the interface you're steering traffic to. That's why SD-WAN set default-route to all member interfaces. And static route's "priority" works in the way you described because all static routes for the same prefix/prefix-length with different priorities co-exist in the routing-table. Only sessions initiated by inside follow the highest priority route.
You can ask the SE further.
Thanks. Yes we are looking more closely at how SD-WAN configurations might help, but we still have the problem of inbound-initiated sessions via the WAN interface. What we see is that the replies from those are picked up by the policy/static routes that have dst=0.0.0.0/0. We're expecting those inbound-initiated sessions to have their replies picked up by the session table, instead of the routing table, but evidence so far is they are not (the policy/routing table is winning, and those replies get dropped by RPF).
Now I see your diagram. Is the both that decides 'A' or 'B' actually a FortiGate? You used FortiGate's icon at the box on 'A' path, but didn't use it for the key box.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.