I have an MX68 (no built-in cellular), a new install, with two Netgear switches, each on a different LAN: voice on one switch and data on the other. I have a fibre link coming into WAN 1, which is primary. WAN 2 is a cellular router and is set to fail over from WAN 1.
Data LAN (switch V1) carries the data for all users and connects to port 3 on the MX.
Voice LAN (switch V2) carries the VoIP for all phones and connects to port 4 on the MX.
What I would like to do, if there is a failover, is to only allow data from V2 out WAN 2 until WAN 1 comes back on.
Is this accomplished by putting a rule in the firewall that blocks all traffic from port 3 going to port 2?
Will this have any adverse effects?
Would it look like this:
Policy  Protocol  Source           Src port  Destination  Dst port  Comment
DENY    ANY       192.168.11.0/24  3         0.0.0.0/24   2
Do I need to add anything to the route table?
The best option for you is using the SD-WAN on your MX.
You can set different firewall rules defined by subnet or service.
Security & SD-WAN --> SD-WAN & Traffic Shaping
If you open a support ticket you can ask them to make WAN2 act like the cellular circuit.
Then you can use the cellular firewall rules.
Note: after doing this, the cellular modem can strictly only be used for failover.