Should it be possible to use the [SD-WAN & traffic shaping -> SD-WAN policies -> VPN traffic -> Uplink selection policy] to pin certain traffic by destination domain to a certain "WAN" link - even if I actually have no VPN's (just 2 regular internet connections)?
This may or may not be a dumb question. I have read through documentation and forum posts (some links below), and I'm just not 100% confident.
I also set up a little test using my MX68 running 18.107.5, and it's not working to pin traffic by domain when using VPN traffic Uplink selection. So I'm not sure if I have just proven that it doesn't work the way I'm hoping it could, or if I'm just doing something incorrectly with my test configuration. (I can share screenshots of the config if anyone wants, but just didn't to make this post that much longer.) I did read that ICMP doesn't respect the configuration no matter what, so I'm simulating real outbound traffic and running PCAP on each "WAN" interface. I can see that the traffic continues to use the primary link, even though I set an Uplink selection policy to send it out the secondary link.
At the heart of the matter, my scenario is that I will have 2 regular internet connections (no VPN) in a new office, and I'd ideally like to load balance traffic between them (whether automatically or hard-configured for certain traffic groups) just to take advantage of the combined bandwidth. But there is outbound traffic to a few domains which I really need to pin to the primary internet connection (unless the primary internet connection goes down), and so the plain round-robin load balancing wouldn't work reliably for that (I can't trust the automatic 60-minute flow pinning to work 100%). I assume that the [SD-WAN & traffic shaping -> Uplink selection -> Flow preferences -> Internet traffic] would theoretically work, but that only seems to allow for IP addresses (not domains). My domains in question use many different blocks of IP addresses, and they could change at any time, so I don't think trying to configure by IP address is feasible.
Any other feasible solution is welcome. And apologies if I'm being dense.
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping
https://community.meraki.com/t5/Security-SD-WAN/Load-balancing-question/m-p/101903#M25616