Hi all, I need to segment our public network which currently spans across our WAN on L2. The problem I have is that routed traffic on a new segment traverses the network, following the default routes, and hits the firewall's "Trusted" interface. I need to somehow direct the Public subnet traffic to the Public interface on the firewall. I've tried setting up PBR on switch A (as labelled in diagram) but I think since all the traffic from B comes across on the same VLAN/subnet it doesn't pick up the originating source address. It's like the PBR isn't recursive if that makes sense. Can anyone help please? If it's not going to work how I envisaged is there any alternative way of achieving the required outcome with the current hardware?
Diagram below is our current setup and includes the additional proposed subnet.
Hi Vince, these switches unfortunately weren't purchased all that long ago but appears they were purchased without consideration of the future., mostly just to replace like for like To boot, I work in local government so new hardware just isn't an option.
Unfortunately sticking with a layer 2 network just isn't an option as we are moving from layer 2 microwave links to IPVPN links which apparently aren't capable of this. It's so frustrating, I've just recently come back from mat leave to this mess.
After much research, I am currently steering towards something like this - creating a sort of virtual redundant link so the public traffic gets routed over one and the trusted over the other. Would this work or am I crazy to even consider this?
