IPSEC route precedence

This article is not for UTM

Use policy routes instead of static routes - they have higher priority than IPSec routes

Are you sure about that, papa_?

Cheers - Bob

I have retracted my answer on this. I tried this last night and the preference still had the IPSEC VPN higher with using policy routes.

may be depends on version?

On 9.357 I have this productive.

Good to know that I have to care when I update

I'm on 9.409-9.. I dare not go to 9.410-6

I'm testing 9.411 now, Sumner.

I usually have no trouble designing around the automatic routes generated by WebAdmin.  I can't see your topology or your existing routes to suggest the "elegant" WebAdmin solution.

Instead, there is a way to use static routes, Multipath rules, etc.  In your IPsec Connection, select 'Bind tunnel to local interface' and read the help related to this.  Sometimes, this is necessary, but it always complicates things for anyone following you or trying to provide support.  I don't recommend it, but if you don't have access to an experienced UTM designer/installer, this will at least let you do things "the old-fashioned way." [;)]

Cheers - Bob

I'm testing 9.411 now, Sumner.

I usually have no trouble designing around the automatic routes generated by WebAdmin.  I can't see your topology or your existing routes to suggest the "elegant" WebAdmin solution.

Instead, there is a way to use static routes, Multipath rules, etc.  In your IPsec Connection, select 'Bind tunnel to local interface' and read the help related to this.  Sometimes, this is necessary, but it always complicates things for anyone following you or trying to provide support.  I don't recommend it, but if you don't have access to an experienced UTM designer/installer, this will at least let you do things "the old-fashioned way." [;)]

Cheers - Bob