SMC certificate expiration on July 04, 2022, update your SMC !
Update is not possible? See the SMC not functionnal after the 4th of July 2022 article on the KB (authentication required).
Defining the traffic routing policy
You can configure static, dynamic or return routes to direct traffic to IPsec VTIs. You can also define filter rules to set up routing.
You can perform these operations directly from SMC if the firewalls included in the topology are in at least version 4.2.4 and if routing configuration has been enabled on SMC.
Otherwise, you must configure the routes directly on your firewalls.
If you are setting up policy-based routing:
- Create filter rules for each firewall to allow traffic to go through the tunnel. The remote peer must be defined as the Gateway – router. To do so, in the Action menu, General tab in rules, select the VTI object that SMC automatically generated, representing the remote peer.
- Create return routes in each firewall's Routing tab.
If you are not using policy-based routing (PBR):
- On each firewall, create static routes dedicated to the remote peer’s IPsec VTIs.
- Configure a filter policy for each firewall to allow traffic to go through the tunnel.
Refer to the section Configuring the network and routing as well.