Im trying to send all clients over a VPN by default, but i want to “bypass” the VPN for a list of clients.
set firewall group address-group VPN_v4_BYPASS address '10.0.3.9' set protocols static table 100 route 0.0.0.0/0 next-hop 10.0.0.1 set policy route VPN_v4_BYPASS rule 100 source group address-group VPN_v4_BYPASS set policy route VPN_v4_BYPASS rule 100 set table 100
Is what i did, but i cant use
!VPN_v4_BYPASS to negate the match. So this would send all listed clients over the VPN. I need the negation tho.
Whats the cleanest way to achieve something like this?