Description:
In scenarios with multiple Internet connections, it may be necessary to route certain traffic over a particular Internet connection. This can be realized with policy-based routing.
However, if the associated Internet connection fails, the data will continue to be routed over a connection that no longer exists. The communication therefore fails.
This document describes how to automatically deactivate a policy-based routing rule if the associated Internet connection fails and reactivate it when the Internet connection is established again.
This procedure is suitable for scenarios in which, after a failure of the Internet connection used by policy-based routing, the traffic is to fall back to the default route with routing tag 0. A typical scenario would feature two Internet connections.
After deactivating the policy-based routing rule, the traffic is transmitted via the Internet connection with routing tag 0. If this is not possible (e.g. because routing tag 0 was assigned to a load balancer with more than two Internet connections), the routing tag in the firewall rule must be rewritten by means of the Action Table instead of activating/deactivating the firewall rule. This is described in this Knowledge Base article.


Requirements:


Procedure:
1) Set up the Action Table to automatically activate/deactivate the policy-based routing rule:
1.1) Open the configuration for the router in LANconfig and switch to the menu item Communication → General → Action table.
1.2) Create a new entry and enter the following information so that the firewall rule is automatically deactivated following the failure of the Internet connection.
  • Name: Enter a descriptive name.
  • Remote site: From the drop-down menu, set the Remote site to the Internet connection that the policy-based routing rule uses for routing the traffic.
  • Condition: Set the drop-down menu for Condition to End (disc. or broken).
  • Action: Enter the following command to deactivate the firewall rule:

    exec: set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} no
1.3) Create an additional entry and enter the following information so that the firewall rule is automatically activated after the Internet connection is established.
  • Name: Enter a descriptive name.
  • Remote site: From the drop-down menu, set the Remote site to the Internet connection that the policy-based routing rule originally used for routing the traffic.
  • Condition: Set the drop-down menu for Condition to Establish.
  • Action: Enter the following command to activate the firewall rule:

    exec: set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} yes
1.4) Write the configuration back to the router.


2) Optional: Testing the commands on the CLI
We recommend that you test the commands saved in steps 1.2 and 1.3 in advance. From the CLI, the commands are specified without the exec: prefix.
2.1) Connect to the router’s CLI and enter the following commands.
  • Deactivating the firewall rule:

    set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} no

  • Activating the firewall rule:

    set Setup/IP-Router/Firewall/Rules/<Name of the Firewall rule> {firewall-rule} yes