At my location we have a primary and backup internet connection. The backup connection is completely underutilized; no traffic traverses it unless our main connection is down.
I'd like to use policy based routing to direct all http traffic across the backup link. I have a fair understanding of the PBR setup, I'm just not sure exactly where to implement it.
It's been explained to me that I would need to acquire a second PIX due to the way outbound PIX traffic does a route table lookup after traffic passes through the higher security interface. This is fine; I just want to verify that what I want to do is possible before investing in the hardware.
In the attached image, Switch 1 is our layer 3 switch. Router 1 is where both ISPs connect to our network.
I'm thinking I would just add another PIX, connect our web filter to it, set its default gateway to Router 1, and implement PBR on Router 1? Or would I configure PBR on Switch 1 (its current default route is Firewall 1) and configure Firewall 2 with a default gateway of ISP 2?
Sorry if this seems simple, I just don't get downtime windows very often and would like to get some feedback before trying anything.
On Router 1 routes are set up as follows:
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 [ISP 1]
ip route 0.0.0.0 0.0.0.0 [ISP 2]
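As an added illustration (not part of the original post or its configuration), this is what the Router 1 side of the first option would look like in IOS: web traffic sourced from the new firewall's outside address is policy-routed to ISP 2, with a reachability track so the policy turns itself off when ISP 2 is down. The interface names, the ISP 2 next hop 203.0.113.1 and the Firewall 2 outside address 192.0.2.10 are placeholders I assumed; substitute your own.

```cisco
! Added example, not from the original post. Assumed values:
!   GigabitEthernet0/0 = inside interface facing Switch 1 / Firewall 2
!   GigabitEthernet0/2 = interface toward ISP 2
!   203.0.113.1        = ISP 2 next hop
!   192.0.2.10         = outside address of Firewall 2 (the web-filter path)
!
! 1. Identify only the traffic to steer. Anything not permitted here is not
!    policy routed and falls through to the normal route table.
ip access-list extended WEB-TRAFFIC
 permit tcp host 192.0.2.10 any eq www
 permit tcp host 192.0.2.10 any eq 443
 deny   ip any any
!
! 2. Track ISP 2 reachability. Without this, policy-routed packets would be
!    black-holed whenever the backup link is down.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! 3. Route map: matching packets get next hop ISP 2 only while track 1 is up;
!    otherwise they use the ordinary ip route 0.0.0.0 entries.
route-map PBR-WEB-ISP2 permit 10
 match ip address WEB-TRAFFIC
 set ip next-hop verify-availability 203.0.113.1 10 track 1
!
! 4. PBR is evaluated on packets entering an interface, so it is applied on
!    the inside interface, not on the ISP-facing ones.
interface GigabitEthernet0/0
 ip policy route-map PBR-WEB-ISP2
```

Check it with `show route-map PBR-WEB-ISP2` (policy routing match counters) and `show track 1`. Two things worth confirming before buying hardware: the two `ip route 0.0.0.0 0.0.0.0` entries as posted have the same administrative distance, so IOS installs both and CEF load-shares across them; a route intended purely as backup is normally a floating static with a higher distance such as `ip route 0.0.0.0 0.0.0.0 [ISP 2] 250`. And if the two ISPs assign different public ranges, Firewall 2 must NAT to an address ISP 2 will accept, otherwise ISP 2 may drop the packets as source-spoofed and return traffic for an ISP 1 address will come back over ISP 1 regardless of the policy.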