Defining the traffic routing policy
You can configure static, dynamic or return routes to direct traffic to IPsec VTIs. You can also define filter rules to set up routing.
You can perform these operations directly from SMC if the firewalls included in the topology run at least version 4.2.4 and if network configuration has been enabled on SMC.
Otherwise, you must configure the routes directly on your firewalls.
If you are setting up policy-based routing:
- Create filter rules for each firewall to allow traffic to go through the tunnel. The remote peer must be defined as the Gateway – router. To do so, in the General tab of the rule's Action menu, select the VTI object that SMC automatically generated to represent the remote peer.
- Create return routes in each firewall's Routing tab.
If you are not using policy-based routing (PBR):
- On each firewall, create static routes dedicated to the remote peer’s IPsec VTIs.
- Configure a filter policy for each firewall to allow traffic to go through the tunnel.
For help on how to configure routes on your firewalls, refer to the SNS user guide and the Technical note dedicated to IPsec VTIs.
See also the section Configuring the network and routing.