We have a USB cellular dongle connected to the MX65W as a failover, and that works well, but we need to limit its data usage only when on cellular, to avoid being charged too much when the line fails and the cellular takes over. Is there a way to do it?
There are two ways.
You can rate limit the cellular in the Security > Traffic shaping page.
And you can write ACLs to restrict traffic on the cellular link under Security appliance > Firewall.
Is there a way to get L7 FW rules to apply only when failing over to cellular? I need to get L7 rules, but only when on cellular. Is there a way? The issue is that once it goes on cellular I can block, for example, software updates, social media, etc. that already exist on L7.
Oh, sorry @FrancisDorta, I'm not reading your question properly.
No, you are limited to L3/4 rules only for cellular failover. There's no option to do L7 rules.
One last question: do those rules on cellular failover apply to VPN traffic?
Hah! That's the big question isn't it!
Unfortunately, in my testing the answer is no. The cellular failover rules seem to apply to the egress direction of the WAN interface, meaning by the time all traffic hits the rules it's already IPsec encrypted and you can no longer distinguish what it is. You can filter Internet-bound traffic, but not traffic inside an IPsec tunnel.
😞