We're upgrading our SD-WAN with a new fiber vendor whose giving us a private fiber network connection. They're connecting up to MX64's at our small sites, MX100's at our 2 larger sites and the Data Center.
We're planning to auto-VPN them to connect, use the Data Center as the exit hub. However, there's a catch. We have existing firewalls we want to route through instead of letting the MXs do that lifting (because it's already in place and heavily ruled.) The fiber company is about ready to hand off their gear and let us plug in to test before we spend a Saturday afternoon going live.
Clearly the current issue we're struggling with is how to tell the DC MX100 to route outbound traffic to the internal xxx.xxx.15.254 address, opposed to the typical default route of 0.0.0.0 to the WAN uplink. If we put in a static route of 0.0.0.0/32 going to xxx.xxx.15.254, then it comes up below the 0.0.0.0/0 route to the WAN uplink, so I'm not sure that's going to accomplish what we're looking for.
Should we try to set a default route on all the MX's to simply point to xxx.xxx.15.254 instead of the WAN uplink, and let the auto-VPN get the traffic over to the DC and pass it to the firewall that way?