I have a scenario where ALL traffic from the MX is to traverse a VPN to the internet via a centralised cloud security service.
The 3rd party VPN advertises the 0.0.0.0/0 so that the VPN is used as the default gateway.
It's working fine.
However, there will be exceptions where some LAN traffic will be required to use the WAN 0.0.0.0/0 to retain the local site's source IP in the UK for website / VPN authentication purposes and not the VPN 0.0.0.0/0.
The MX has the ability to add static routes; however, they only apply to LAN interfaces and do not override the 0.0.0.0/0 behavior.
I tried adding a static to Google 8.8.8.8/32 and passing it to a LAN port VLAN that was not in the 'use VPN' list; however, the traffic got terminated by the MX, which returns pings <1ms, so it's staying local.
I guess I could add a static to a 3rd party device on a VLAN in my attempt to get the traffic to 8.8.8.8 to use a different path to the internet but that means adding additional LAN hardware.
Can anyone think how the MX could be configured to route specific traffic via the WAN 0.0.0.0/0 and override the VPN-learned 0.0.0.0/0?
This is so frustrating as all we need is a static routing capability that works with WAN interfaces and not just LAN so we can override the default path.