Using firewall rules for routing is not the preferred path because that is not what they are designed/responsible to do.
What firewall rules are intended to do is to ensure you either allow or deny traffic between networks, subnets or devices, in terms of access to/from the router or across the router.
For example, in firewall rules you can say vlan10 you are allowed out WAN1 and vlan10 you are not allowed out WAN2, but that doesn't tell VLAN10 where to attempt to go out of the router.
That is done by routes and is where you should delineate where subnet traffic is to BE DIRECTED if that is the requirement.
Firewall rule = where traffic is permitted/denied
Route = where traffic is sent/directed
I hope that makes it clearer, albeit a shitty explanation.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
By the way, do not use vlan1; it is the default vlan to be used with bridges, for example, and thus shouldn't be used for normal vlan traffic.
This article is the best on vlans.....
viewtopic.php?f=23&t=143620
In terms of Routes
It's hard to provide advice as we do not see your current route setup.
/export hide-sensitive file=anynameyouwish.
Typically one has
0.0.0.0/0 gwy of ISP1=x.x.x.x check-gateway=ping distance=5
0.0.0.0/0 gwy of ISP2=y.y.y.y distance=10
Where ISP1 is the primary and if it goes down then the router switches to ISP1.
In this case ISP2 is not used at all except for a backup scenario.
Let's say you have vlans 10, 20, 30 and 31 and you wanted all of them to use WAN1 except vlan 31.
Then the only change required would be the following:
0.0.0.0/0 gwy of ISP1=x.x.x.x check-gateway=ping distance=5
0.0.0.0/0 gwy of ISP2=y.y.y.y distance=10
0.0.0.0/0 gwy of ISP2=y.y.y.y distance=10 routing-mark=wan2-only
Where in your setup you add a second instance of the WAN2 route but add a routing mark and then fill in an associated route rule, with the command of lookup only in table.
As per the diagram, which in effect will take any internet bound traffic for my vlan31 and send it out on WAN2, all the time.
singlevlan.JPG
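Added example, not part of the original post: the routes and route rule described above written out in RouterOS v6 syntax (the version that uses routing-mark on routes), next to the firewall rules that only permit or deny. The interface names ether1-wan1, ether2-wan2 and vlan31, the subnets 192.168.31.0/24 and 192.168.0.0/16, and the comments are assumptions; x.x.x.x and y.y.y.y are the post's placeholders for the ISP gateways.

```routeros
# Added example. Assumed names: ether1-wan1, ether2-wan2, vlan31, 192.168.31.0/24.
# x.x.x.x / y.y.y.y are the post's placeholders for the ISP1 / ISP2 gateways.

# Routes = where traffic is sent.
/ip route
add dst-address=0.0.0.0/0 gateway=x.x.x.x check-gateway=ping distance=5 comment="primary via ISP1"
add dst-address=0.0.0.0/0 gateway=y.y.y.y distance=10 comment="backup via ISP2"
add dst-address=0.0.0.0/0 gateway=y.y.y.y distance=10 routing-mark=wan2-only comment="table used only by vlan31"

# Route rules are evaluated in order and pick which table a packet is looked up in.
/ip route rule
# Keep vlan31 -> other local subnets in the main table
# (assumption: 192.168.0.0/16 covers all local subnets).
add src-address=192.168.31.0/24 dst-address=192.168.0.0/16 action=lookup table=main
# Everything else from vlan31 is resolved only in wan2-only, with no fall-back to the main table.
add src-address=192.168.31.0/24 action=lookup-only-in-table table=wan2-only

# Firewall rules = where traffic is permitted or denied. They do not choose the exit.
/ip firewall filter
add chain=forward in-interface=vlan31 out-interface=ether2-wan2 action=accept comment="vlan31 may leave via WAN2"
add chain=forward in-interface=vlan31 out-interface=ether1-wan1 action=drop comment="vlan31 may not leave via WAN1"
```

The drop rule is a backstop: if the route rule is ever removed or disabled, vlan31 traffic that falls back to the main table is blocked at WAN1 rather than leaving by the wrong uplink.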