Per-device Policy-based Routing with Dual WAN

Difficulty:  Expert

Minimum firmware version:  18.1.29

Goal

To use the 6350-SR's cellular modem in tandem with its primary WAN Ethernet port, but only allow certain IP addresses access to the cellular modem's Internet connection.

Setup

This article assumes the LAN ports are operating under default settings, which provide DHCP connectivity to devices connected to the 6350-SR's LAN ports.  For more details on the default settings of the 6350-SR, see the Default Settings section of the 6350-SR User's Manual.

For this setup, you will need the 6350-SR with both a primary WAN Ethernet connection and a cellular modem connection.

You will also need to configure a static IP address on any client devices you want to allow access to the cellular modem connection.

Sample

The sample configuration below shows a 6350-SR with two Internet connections: a cellular-based WAN connection through the 6350-SR's modem, and a broadband-based WAN connection through the 6350-SR's WAN Ethernet port.  

This setup shows two client devices on a 6350-SR's LAN ports, a media PC and a laptop. The media PC is configured with a static IP address of 192.168.0.99, and the laptop is getting its IP address via DHCP from the 6350-SR.

The policy-based routing we are going to set up will accomplish the following:

  1. The 6350-SR uses the Ethernet WAN as its primary interface.
  2. The 6350-SR has a cellular modem connection, used as a secondary WAN interface.
  3. All traffic from the media PC will always go through the cellular modem WAN interface.
  4. Any traffic from other LAN devices should go through the Ethernet WAN connection.
  5. If the Ethernet WAN connection is down, the 6350-SR should drop packets from all LAN devices except the media PC, preventing them from going out the cellular modem interface.

Sample Configuration

Open the configuration profile for the 6350-SR and make the following changes.

  1. Under Firewall -> Zones, add two new zones, one labelled modemwan, and another labelled ethernetwan.  Ensure the source NAT option is selected for both new zones.
  2. Under Modem, set the Zone to modemwan.
  3. Under Network -> Interfaces -> WAN, set the Zone to ethernetwan.
  4. Under Firewall -> Packet filtering, set up three rules to accomplish the following:
    1. allow packets from the media device (192.168.0.99) to go out the cellular modem
    2. reject all other LAN packets on the cellular modem interface
    3. allow LAN packets to go through the Ethernet WAN interface
  5. Under Network -> Routes -> Policy-based routing, set up a new policy with the following settings:
    1. Interface:  Modem
    2. Source address -> Type:  IPv4 address
    3. Source address -> IPv4 address:  192.168.0.99
    4. Destination address -> Type:  Zone
    5. Destination address -> Zone:  ethernetwan
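
To check the intended behaviour of steps 4 and 5 before deploying, the following added example (a Python model, not 6350-SR configuration or vendor code) evaluates the three packet-filtering rules and the policy route for the media PC and a DHCP client with the Ethernet WAN up and down. The /24 LAN subnet, the laptop address, first-match rule evaluation, default drop, and failover of the default route to the modem are assumptions of the model.

```python
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): LAN is 192.168.0.0/24, rules are
# evaluated top-down with first match winning, unmatched packets are dropped,
# and the default route fails over to the modem when Ethernet WAN is down.
LAN = ip_network("192.168.0.0/24")
MEDIA_PC = ip_network("192.168.0.99/32")

# (action, source network, destination zone), in the order given in step 4.
RULES = [
    ("accept", MEDIA_PC, "modemwan"),
    ("reject", LAN, "modemwan"),
    ("accept", LAN, "ethernetwan"),
]

def egress_zone(src, ethernet_up):
    """Pick the outgoing zone: default route first, then the policy route."""
    zone = "ethernetwan" if ethernet_up else "modemwan"
    # Step 5: source 192.168.0.99 headed for zone ethernetwan -> Modem.
    if ip_address(src) in MEDIA_PC and zone == "ethernetwan":
        zone = "modemwan"
    return zone

def verdict(src, ethernet_up, rules=RULES):
    """Return (zone, action) for a LAN packet under first-match filtering."""
    zone = egress_zone(src, ethernet_up)
    for action, net, dst_zone in rules:
        if ip_address(src) in net and dst_zone == zone:
            return zone, action
    return zone, "drop"

def truth_table(rules=RULES):
    """Evaluate the media PC and a sample DHCP client in both WAN states."""
    hosts = {"media-pc": "192.168.0.99", "laptop": "192.168.0.150"}  # laptop IP is constructed
    return {(name, up): verdict(ip, up, rules)
            for name, ip in hosts.items() for up in (True, False)}

if __name__ == "__main__":
    for (name, up), (zone, action) in truth_table().items():
        print(f"{name:9} ethernet_up={up!s:5} -> {zone:11} {action}")
    # Swapping rules 1 and 2 shows why order matters: the media PC is rejected.
    swapped = [RULES[1], RULES[0], RULES[2]]
    print("swapped:", verdict("192.168.0.99", True, swapped))
```

In this model the laptop is rejected on the modem when the Ethernet WAN is down, and placing the reject rule ahead of the media PC's allow rule blocks the media PC as well.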