I would like the help of the experts.
I am planning a central structure for the internet navigation of the network, where I have the headquarters and the branch.
I would like to force all of the branch's internet traffic out through the headquarters, without losing external access to the branch's RB.
For this I am studying and analyzing which methods and tools I would use.
I wanted your opinion.
For now I am thinking of setting up an IPsec VPN between the two units and, with mangle rules, redirecting navigation to the headquarters router.
That way, you would not lose access to the RB from the outside for any maintenance emergency, and there is no need to change the default route; the IPsec VPN as it is is perfect and safe.
However, I don't know whether this would be an intelligent approach or better for management. There may be other, more dynamic VPN or routing protocols that would help me manage more branches in the future.
My main idea is not to have to manage the branch office firewalls with too many rules, centralizing navigation in a single firewall that would give me a single point of maintenance.
I thank you in advance for your understanding and for the time spent reading and helping.
Forgive my English.
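One way to lay out the branch side of what the post describes, as an added example and not the poster's own configuration: policy routing on RouterOS that sends only LAN-originated traffic over the tunnel to HQ, while the main routing table keeps the ISP default route so the RB itself stays reachable from the internet. It assumes RouterOS v7 syntax, GRE carried inside IPsec (`ipsec-secret`) so the VPN is a routable interface, and placeholder addresses, interface names and LAN subnet.

```routeros
# Branch router, RouterOS v7 (assumed). Addresses, interface names,
# the LAN subnet and the secret are placeholders.

# 1. Tunnel to HQ: GRE inside IPsec. ipsec-secret makes RouterOS create
#    the IPsec peer and policy; keepalive lets routes over the tunnel
#    go inactive when HQ is unreachable.
/interface gre
add name=gre-hq local-address=198.51.100.2 remote-address=203.0.113.1 \
    ipsec-secret=CHANGE-ME-STRONG-PSK keepalive=10s,3
/ip address
add address=10.255.0.2/30 interface=gre-hq comment="tunnel transit /30"

# 2. A separate routing table for traffic that must exit via HQ.
#    The main table is untouched: its default route still points to the ISP.
/routing table
add name=via-hq fib

# 3. Mark only forwarded traffic from the branch LAN. Packets addressed to
#    the RB itself (WinBox/SSH from the internet) never match this rule,
#    and the RB's own replies use the main table, so remote management
#    keeps working even when the tunnel is down.
/ip firewall mangle
add chain=prerouting in-interface=bridge-lan src-address=192.168.10.0/24 \
    dst-address-type=!local action=mark-routing new-routing-mark=via-hq \
    passthrough=no comment="branch LAN -> internet via HQ"

# 4. Default route for marked traffic goes through the tunnel. The
#    blackhole with a worse distance makes the design fail closed: if the
#    tunnel is down, LAN traffic is dropped instead of falling back to the
#    ISP link and bypassing the central firewall.
/ip route
add dst-address=0.0.0.0/0 gateway=10.255.0.1 routing-table=via-hq \
    comment="LAN default via HQ"
add dst-address=0.0.0.0/0 blackhole=yes distance=10 routing-table=via-hq \
    comment="fail closed when tunnel is down"
add dst-address=0.0.0.0/0 gateway=198.51.100.1 \
    comment="ISP default (main table, keeps RB reachable)"

# 5. Masquerade only what leaves on the ISP link; LAN traffic that goes
#    through the tunnel is NATed by HQ on its own WAN.
/ip firewall nat
add chain=srcnat out-interface=ether1-wan action=masquerade
```

On the HQ router the mirror GRE interface, a route for 192.168.10.0/24 via 10.255.0.2 and a masquerade rule for that subnet on its WAN complete the picture, and the branch traffic then passes the HQ firewall rules. Remove the blackhole route if the branch is meant to fall back to direct ISP access when HQ is unreachable.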