- Network Web Filter changes the source IP address of filtered traffic, causing source IP routing to break.
- Network Web Filter breaks routing.
- Network Web Filter breaks IPsec tunnel.
- Content Filter changes the source IP address of filtered traffic, causing source IP routing to break.
- Content Filter breaks routing.
- Content Filter breaks IPsec tunnel.
- Device with content filtering enabled and a non-default destination interface for the filtered traffic, such as an IPsec tunnel.
- When Network Web Filter is enabled, all traffic that matches the webfilter rules is proxied through the internal router interface. As a result, the original source-based routing information is lost, so the intended destination interface for the source traffic is ignored and the content filter traffic is sent out the default gateway.
To regain the ability to route via source IP address, follow these steps:
- Create a loopback interface that will be used to bind webfilter traffic and serve as the new source IP address for policy routing.
- Configure the content filter rules according to what LAN traffic needs to be filtered.
- Use the source binding configuration option under System > Administration > Router Services to bind the content filter to the Loopback interface. Under LAN Network Binding, click add and select the Web Access Filter and your re-direct LAN. Regardless of what interface the webfilter rule specifies, all traffic that goes through the webfilter will now be bound to the specified IP address.
- Create a route policy that matches the source IP to the IP address of the loopback LAN, then route the traffic to the destination interface. If the destination is through a tunnel, use a policy VPN to allow routing.
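
The failure and the fix described above, modelled as an added Python sketch (not the vendor's code or configuration syntax). All addresses, interface names and function names are constructed, and the address the unbound proxy uses is an assumption standing in for any router-owned address outside the LAN policy.

```python
import ipaddress

# Constructed values for illustration; nothing here is device syntax.
LAN_HOST = "192.168.10.25"      # client on the filtered LAN
ROUTER_ADDR = "192.0.2.1"       # assumed source of proxied traffic when unbound
LOOPBACK_ADDR = "10.255.0.1"    # loopback created in the first step
DEFAULT_IFACE = "wan"           # default gateway interface

def egress(src, policies):
    """First matching source-based policy wins; otherwise the default gateway."""
    addr = ipaddress.ip_address(src)
    for prefix, iface in policies:
        if addr in ipaddress.ip_network(prefix):
            return iface
    return DEFAULT_IFACE

def proxied_source(src, dport, filtered_ports, bind_addr=None):
    """Source address the routing lookup sees after the web filter.

    Traffic matching a webfilter rule is re-originated by the router, so the
    client's address is replaced: by bind_addr when a source binding is
    configured, otherwise by a router-owned address.
    """
    if dport not in filtered_ports:
        return src              # not filtered: original source is kept
    return bind_addr or ROUTER_ADDR

def route(src, dport, policies, filtered_ports=(80, 443), bind_addr=None):
    return egress(proxied_source(src, dport, filtered_ports, bind_addr), policies)

def scenarios():
    lan_policy = [("192.168.10.0/24", "ipsec0")]
    fixed_policy = lan_policy + [(LOOPBACK_ADDR + "/32", "ipsec0")]
    return {
        "unfiltered_ssh": route(LAN_HOST, 22, lan_policy),
        "filtered_no_binding": route(LAN_HOST, 443, lan_policy),
        "binding_without_policy": route(LAN_HOST, 443, lan_policy,
                                        bind_addr=LOOPBACK_ADDR),
        "binding_with_policy": route(LAN_HOST, 443, fixed_policy,
                                     bind_addr=LOOPBACK_ADDR),
    }

if __name__ == "__main__":
    for name, iface in scenarios().items():
        print(f"{name:24} -> {iface}")
```

The third scenario shows why the binding alone is not enough: filtered traffic reaches the tunnel only once a route policy matches the loopback address itself.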