Defining the traffic routing policy

You can configure static, dynamic or return routes on your firewalls to direct traffic to IPSec VTIs. You can also define filter rules directly from SMC to set up routing.

If you are setting up policy-based routing:

  1. In SMC, create filter rules for each firewall to allow traffic to go through the tunnel. The remote peer must be defined as the Gateway – router: in the General tab of the rule's Action menu, select the VTI object that SMC automatically generated to represent the remote peer.
  2. Create return routes directly on each firewall.

If you are not using policy-based routing:

  1. In SMC, create filter rules for each firewall to allow traffic to go through the tunnel.
  2. On each firewall, create static routes dedicated to the remote peer’s IPSec VTIs.

For help on how to configure routes on your firewalls, refer to the Stormshield Network user configuration manual and the Technical note dedicated to IPSec VTIs.