Support confirmed that the cellular failover rules will not work for Active/Active AutoVPN traffic, which is kind of a bummer. I've experimented with the SD-WAN policies as well, and they too seem to not work properly. As a test, at one of my sites I put together a very simple rule: Prefer WAN 1, failover if uplink down - 10.##.##.##/32 to Any, Any to 10.##.##.##/32 However, when I run a packet capture on the S2S over Internet1 and S2S over Internet2 interfaces, I see the traffic to/from the specified IP crossing both interfaces. I've notified support of this, and they have verified that the rule appears to be set up properly. The question is whether or not SD-WAN policies affect Active/Active AutoVPN traffic... I'll follow-up once I have an official answer.
... View more