mgb2
Level 7
Message 1 of 5

Policy route not working

On our SG720, we have our internal network, plus two internet connections.  One is a T-1, which is set as our preferred gateway.  The other is a DSL line, which is not set as preferred.  We want our default traffic to go via the T-1, which it does.  I want web browsing to go out via DSL. 

I set up a policy route of type 'forward' for internal network traffic to any destination, of type 'web' to use the DSL gateway port.  But watching packet captures, this traffic continues to go out through the T-1.

BTW, I have another policy route in place for a third connection that routes based on the destination address, and it works fine. 

4 Replies
rcamm
Level 13
Message 2 of 5

Re: Policy route not working

If the access control proxy is activated, you will need a rule of type OUTPUT.

mgb2
Level 7
Message 3 of 5

Re: Policy route not working

I turned off Access Control, but it didn't seem to make any difference.  I also changed the rule to an OUTPUT type, with no luck.

rcamm
Level 13
Message 4 of 5

Re: Policy route not working

I can't think of any other reason this will fail without seeing some further diagnostics.

Are you able to contact support and provide them with the diagnostics?

mgb2
Level 7
Message 5 of 5

Re: Policy route not working

After a little more digging, I discovered a few more items of interest.

1)  I had an error in my route configuration, which prevented it from working even when access control was turned off.  I corrected that, and was able to create a policy for HTTP traffic that works with access control off. 

2)  The only routing policies that don't work correctly with access control turned on are for HTTP traffic.  It appears that Access Control operates before policy routes, and as I had enabled access control and the web protection service, the traffic was being sent out to the web protection service proxy directly.

That led to a sudden realization that the web protection service was being accessed on port 8080.  I added that to my policy route, and it all appears to be working.
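
The following is an added illustration, not part of any post in this thread and not the appliance's own code: a small Python model of the traffic path the thread arrives at, showing why a 'forward' rule for web traffic stops matching once the access control proxy re-issues the request from the device itself to port 8080. The gateway names, the rule-matching order and the choice of an OUTPUT-type rule for port 8080 are assumptions drawn from the replies above.

```python
from dataclasses import dataclass

# Constructed model of the behaviour described in the thread; gateway names,
# port sets and first-match rule order are assumptions, not vendor code.
WEB_PORTS = frozenset({80})
PROXY_UPSTREAM_PORT = 8080  # web protection service port reported in the thread
DEFAULT_GW = "T1"           # preferred gateway

@dataclass(frozen=True)
class PolicyRoute:
    rule_type: str          # "forward": routed through the device; "output": sent by the device
    dports: frozenset
    gateway: str

@dataclass(frozen=True)
class Flow:
    origin: str             # "forward" or "output"
    dport: int

def after_access_control(flow, proxy_enabled):
    """Access control runs first: a client web request is terminated by the
    proxy and re-issued by the device towards the web protection service."""
    if proxy_enabled and flow.origin == "forward" and flow.dport in WEB_PORTS:
        return Flow("output", PROXY_UPSTREAM_PORT)
    return flow

def egress_gateway(flow, routes, proxy_enabled):
    """Gateway the flow leaves by: first matching policy route, else default."""
    seen = after_access_control(flow, proxy_enabled)
    for route in routes:
        if route.rule_type == seen.origin and seen.dport in route.dports:
            return route.gateway
    return DEFAULT_GW

def explain(routes):
    """Gateway used by a client HTTP request with the proxy off and on."""
    client_http = Flow("forward", 80)
    return {on: egress_gateway(client_http, routes, on) for on in (False, True)}

ORIGINAL = [PolicyRoute("forward", WEB_PORTS, "DSL")]      # first attempt
OUTPUT_WEB = [PolicyRoute("output", WEB_PORTS, "DSL")]     # rule type changed only
FIXED = [PolicyRoute("forward", WEB_PORTS, "DSL"),         # proxy off
         PolicyRoute("output", frozenset({PROXY_UPSTREAM_PORT}), "DSL")]  # proxy on

if __name__ == "__main__":
    for name, routes in (("forward/web", ORIGINAL), ("output/web", OUTPUT_WEB), ("fixed", FIXED)):
        print(name, explain(routes))
```

When checking a setup like this with a packet capture, filter the T-1 interface for TCP port 8080 as well as port 80, since the proxied traffic no longer carries the original destination port.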