Sounds like what you need is filter-based forwarding. See this:
https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/example/firewall-filter-option-filter-based-forwarding-example.html
Also very useful is to keep in mind the SRX flow diagram:
https://www.juniper.net/documentation/us/en/software/junos/flow-packet-processing/topics/topic-map/security-srx-devices-processing-overview.html
------------------------------
Nikolay Semov
------------------------------
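As an added illustration of the filter-based forwarding approach suggested above (this is example configuration, not from the reply or from Juniper's documentation), the following set-style Junos snippet steers traffic from a constructed Switch address range into a forwarding-only routing instance whose default route points at the primary ISP. Interface names, the 192.0.2.0/28 source range and the 203.0.113.1 next hop are hypothetical placeholders:

```junos
## Added example, not from the thread. Hypothetical names and addresses:
## ge-0/0/0 = LAN-facing interface, ge-0/0/1 = primary ISP (next hop 203.0.113.1),
## 192.0.2.0/28 = constructed range holding the Switches' fixed IPs.

## 1. Forwarding-only routing instance that always exits via the primary ISP
set routing-instances ISP1-FBF instance-type forwarding
set routing-instances ISP1-FBF routing-options static route 0.0.0.0/0 next-hop 203.0.113.1

## 2. Leak the directly connected interface routes into the new instance so that
##    the 203.0.113.1 next hop is resolvable there (rib-group is the usual FBF companion)
set routing-options interface-routes rib-group inet FBF-RIB
set routing-options rib-groups FBF-RIB import-rib inet.0
set routing-options rib-groups FBF-RIB import-rib ISP1-FBF.inet.0

## 3. Filter: packets sourced from the Switch range are handed to ISP1-FBF for the
##    route lookup; everything else falls through to the normal inet.0 lookup
set firewall family inet filter NINTENDO-FBF term switches from source-address 192.0.2.0/28
set firewall family inet filter NINTENDO-FBF term switches then routing-instance ISP1-FBF
set firewall family inet filter NINTENDO-FBF term default then accept

## 4. Apply the filter inbound on the LAN-facing interface, which is where it is
##    evaluated (before the route lookup) in the SRX first-path flow
set interfaces ge-0/0/0 unit 0 family inet filter input NINTENDO-FBF
```

The explicit `default ... then accept` term matters: a firewall filter ends in an implicit discard, so without it all non-Switch traffic entering ge-0/0/0 would be dropped. After committing, `show route table ISP1-FBF.inet.0` should list the static default plus the leaked interface routes, and `show security flow session source-prefix 192.0.2.0/28` should show sessions with the primary ISP interface as egress. The source NAT rule set still has to match the zone pair that the primary ISP interface belongs to, otherwise the sessions will leave on the intended interface but without the expected public IP.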
Original Message:
Sent: 10-02-2024 17:22
From: JOHN WILLIAMSON
Subject: How to force devices that match a policy exit the firewall on a specific interface?
The destination IP is not fixed. It's a good list of possible IPs from Nintendo and from the other device(s) in the online eSports match. So, it would be almost random based on who they are playing against. I have fixed IPs for the Nintendo Switches at our end and a single public NAT'd IP for all of them to use.
The only thing I can think of that we changed since last school year, is that we did add a static route for the secondary ISP so that traffic would be able to return from the secondary ISP via the same interface, rather than coming back on the primary ISP interface.
------------------------------
JOHN WILLIAMSON
Original Message:
Sent: 10-02-2024 16:20
From: spuluka
Subject: How to force devices that match a policy exit the firewall on a specific interface?
The egress interface for traffic is selected by the destination IP address and the active routing table and NOT the policies in play.
Since you have two ISPs you will need to be sure the Nintendo destination IP addresses are all set towards that desired ISP.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 10-02-2024 16:03
From: JOHN WILLIAMSON
Subject: How to force devices that match a policy exit the firewall on a specific interface?
I've run into a situation where our school district Nintendo Switch policy for eSports can send the traffic out an interface to our secondary ISP and not always our primary one. Since I have to have a NAT policy to make sure they all get a given public IP that is on our primary ISP interface, going out the other one makes the connection not work with Nintendo properly.
The firewall policy has not changed since last season. I've verified the IP of these two devices and they are correct. The NAT rule references the correct IPs and the NAT pool for them is still correct. I just can't see where I can force an interface if the device matches the requirements for the Nintendo policy we have.
------------------------------
JOHN WILLIAMSON
------------------------------