I am in the process of installing an SSG20 at an office that has 2 WAN Internet interfaces and 1 LAN interface. The 1st WAN interface is a T1 that maintains route-based VPN links with other offices and other server-based traffic such as SMTP. I have destination static routes set up to direct inter-office traffic over the appropriate VPN link. The other WAN interface is an ADSL circuit that is supposed to be for casual Internet access for the LAN users.

I tried using source routing to direct user systems to use the ADSL WAN interface, but when I do, it overrides the VPN destination routes and none of the clients can communicate with other offices over the VPN. I tried changing the priority of the route lookup to look up destination routes first to give the VPN routes first shot. However, in order to allow routing lookup to pass to source routing when there are no matching destination routes, I had to remove the default gateway in the destination routes. This sort of worked: clients can access the VPN first through destination routes, then the source routing directs clients out the ADSL WAN interface for everything else.

However, since there is no longer a default gateway, I was forced to add specific source routing for the servers to tell them to use the T1 WAN interface (otherwise they have no route to destination for anything not explicitly defined). I can't figure out how to define a default source route for all other sources beyond my specific list of client IPs. This has become an issue because the SSG20 itself is not able to find routes to destination. For example, it can't do AV or DI updates, or SurfControl lookups, because it has no route to the web sites that provide those services. I've even tried creating source route entries for the SSG20, but it still doesn't have a route to destination (I'm not sure what the SSG considers the source IP when it's the SSG itself sending an IP packet).
Also, user VPNs fail because there is no route to destination for those IPs either (for the site to site VPNs I was able to fix that by putting in the appropriate destination routes for those static IPs).
So, in summary the questions I have are:
1) Is it possible to define a default gateway in source routing?
2) If not, is it possible to define an appropriate source routing for the SSG itself to use when it communicates with various random IPs like AV updates, user VPNs, etc.?
3) If not, is there a better way to do all this?