Application Control router

Burner27

Supreme [H]ardness
Joined
Oct 23, 2000
Messages
6,624
I was wondering if someone had any knowledge regarding application control using your router. Here is the scenario:

I have two WAN connections. I’d like to have certain applications go out through one WAN, and other applications go out through the other WAN. Is this even possible?

Thank you!
 

BlueLineSwinger

[H]ard|Gawd
Joined
Dec 1, 2011
Messages
1,260
Probably need to look into policy-based routing. Not sure if any of the open-source routers (e.g., OpnSense, OpenWRT) have options for that, though if they do it may only support routing based on the source IP address or other info lower on the OSI model. I can't imagine any consumer-level routers support it at any level.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
867
Would this be under 'route rules'?
Where it is located would depend on the platform. In a Fortigate it would be Network --> Policy Routes or Network --> SD-WAN --> SD-WAN Rules depending on how you're doing it.
 

Burner27

Supreme [H]ardness
Joined
Oct 23, 2000
Messages
6,624
Where it is located would depend on the platform. In a Fortigate it would be Network --> Policy Routes or Network --> SD-WAN --> SD-WAN Rules depending on how you're doing it.
Ok I have something similar under Untangle.

On your Fortigate, did you specify all the routes needing to go through the specific WAN port first then your 'last' policy being the one that says 'all other traffic use this WAN'?
 

kydsid

Supreme [H]ardness
Joined
Mar 9, 2006
Messages
5,850
You want a Layer 7 device, mostly referred to as UTM (Unified Threat Management) Device/Firewall/Gateway et al., of which the aforementioned, Untangle and Fortinet are both examples. They are firewalls, routing and more thru a policy stack. Because you want to do more than just route at Layer 3 etc., you need something that can scan Layer 7 and determine what to do with routing based on that information.

There are also virtualized versions of these systems that are SaaS. None are free, all are subscription based that I know of. Untangle just got bought by Arista btw (I am an Untangle user), so if this is for home use, jump on the bandwagon now and buy a license for as long as you can.

Edit, ya Arista, brain fart
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
867
Ok I have something similar under Untangle.

On your Fortigate, did you specify all the routes needing to go through the specific WAN port first then your 'last' policy being the one that says 'all other traffic use this WAN'?
On a FGT the rules are processed in order and override all, so yes, it would work as you describe. Generally the last/default rule would be something like evenly distribute the load across all interfaces. I distribute my non-specific traffic 80/20 over 2 WAN interfaces, leaving the backup LTE interface to act only as backup. That said, nothing stops you from tossing it on a single interface. Be careful though, your platform may do it differently.
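
Added example, not part of the thread and not FortiGate or Untangle code: a small Python model of the ordering described in the post above, where specific policy routes are checked first and a final catch-all spreads the remaining traffic 80/20. The rule names, interface names (`wan1`, `wan2`), prefixes and the hash-based split are assumptions made for illustration.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PolicyRoute:
    name: str
    dst: str                # destination prefix in CIDR form
    proto: Optional[str]    # "tcp", "udp", or None for any protocol
    dport: Optional[int]    # destination port, or None for any port
    wan: str                # egress interface (hypothetical name)

# Constructed rule set: documentation prefixes, hypothetical interfaces.
RULES = [
    PolicyRoute("dns-via-trusted-isp", "0.0.0.0/0", "udp", 53, "wan2"),
    PolicyRoute("streaming-prefix", "198.51.100.0/24", "tcp", 443, "wan1"),
]
DEFAULT_WEIGHTS = [("wan1", 80), ("wan2", 20)]  # catch-all: 80/20 split

def weighted_default(src, dst, weights=DEFAULT_WEIGHTS):
    """Hash the src/dst pair so the same pair always leaves by the same WAN."""
    digest = hashlib.sha256(f"{src}>{dst}".encode()).digest()
    bucket = int.from_bytes(digest[:4], "big") % sum(w for _, w in weights)
    for wan, weight in weights:
        if bucket < weight:
            return wan
        bucket -= weight

def select_wan(src, dst, proto, dport, rules=RULES):
    """First matching rule wins; unmatched traffic takes the weighted default."""
    addr = ipaddress.ip_address(dst)
    for rule in rules:
        if (addr in ipaddress.ip_network(rule.dst)
                and rule.proto in (None, proto)
                and rule.dport in (None, dport)):
            return rule.name, rule.wan
    return "default", weighted_default(src, dst)

if __name__ == "__main__":
    for flow in [("192.0.2.10", "203.0.113.5", "udp", 53),
                 ("192.0.2.10", "198.51.100.7", "tcp", 443),
                 ("192.0.2.10", "203.0.113.5", "tcp", 443)]:
        print(flow, "->", select_wan(*flow))
```

Because the first match wins, a broad rule placed above a narrower one shadows it, which is why the catch-all belongs last.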
 

Axman

[H]F Junkie
Joined
Jul 13, 2005
Messages
14,302
I have two WAN connections. I’d like to have certain applications go out through one WAN, and other applications go out through the other WAN. Is this even possible?

I can't help you but I'm curious, why would you want this?
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
867
I can't help you but I'm curious, why would you want this?
I can tell you one reason why I do it ... Take Netflix for example. I am able to measure the performance of both "wired" interfaces and route Netflix to the best one. Also, back when I used plain text DNS I sent all DNS over the link of the ISP I knew was not mucking about with the replies and snooping the queries. Now that I'm using encrypted DNS that's not an issue any more.
 