So I’m absolutely sure I had this working at one point, and from what I’ve read, and what I understand it should work. But considering I’ve had virtually no sleep and too much caffeine I think working on a production firewall at this point is futile and wrong.
I have an SG-6100, and until recently a single WAN in. 5 static IPs that are all taken by various tenents inside the building for services like external VPN and VoIP. I have a single LAN out to a Unifi stack where its all divided up by VLAN to different office spaces, these spaces some have tenant controlled routers that dish out their own WiFi (not ideal)
Anyway the current WAN Is a broadband 500/50 link, and the new dedicated fiber line is 1/1Gbps with 15 statics.
The company has now started to pay for this service and wants to use it of course.
What I want to do here is change the default gateway for all those not using the old static IPs so they all get the new line, and keep the tenants using the old WAN with statics going out that WAN.
SO TAKING ONE EXAMPLE
I have specific NAT port forward all and Outbound rules for ‘Company0’. Within these the specific VIP set and directed to a single host/alias of their router. The associated firewall rule has the gateway specifically set to the old WAN.
When I change the default gateway my understanding is that because I have specifically set the gateway in the firewall rule this should ignore default and go where I’ve told it too. This doesn’t seem to happen. Even if I flush all the states on the firewall it ignores what I’ve set?
Like I say I’m SURE this worked the other day but I was tired and high on caffeine so maybe I was dreaming lol.
Am I missing something simple? Is this not possible to direct traffic this way? Can someone put me outta my misery please?
Okay reading some other posts on the forum i think i might have figured out how i had it previously.
Am i correct in thinking i need to setup a prioritised gateway group here, and then specify in the rules the gateway i want? Is that right?
This didnt work, as soon as the gateway moves to the group, everything moves regardless of the rule being set specifically. Help still needed