Overview

Policy based routing extends the scope of static routes by providing more flexible traffic handling capabilities. It allows routing based upon source address, service/application, and Destination address. Hence, it offers granular control for forwarding packets based upon a number of user defined variables like: Destination, Source, Application, User, Service or any combination of these.

Applicable Version: All

This article contains Three (3) scenarios with which you can configure policy-based routing.

- Source Based Routing

- Service Based Routing

- Destination Based Routing

Below is Network Scenario (Diagram 1)

Scenario 1: Source Based Routing

- Configure all traffic originating from the Predefined Source Type.

- Below are the list of Source types that are supported by the Seqrite UTM device.

(For Better understanding refer above Diagram 1)

Configuration

Login to Seqrite UTM Web Admin Console using Administrator profile and go to Network > Routing > Policy Based. Toggle the status button to enable the PBR status & then Add a PBR Rule using following parameters considering source IP range is 192.168.2.220- 192.168.2.230 from LAN network 192.168.2.0/24.

Parameter	Value	Description
Name	PBRForIPRange	Specify the name to identify the rule.
Position	1	As per provided position value, this PBR rule should be applied to the network traffic with first priority.
Source Interface	Eth0	PBR rule will be applied for the defined source Packets which are coming from interface eth0.
Source Type	IP-Range	Selected Source type as a IP-Range, from different types supported by device.
Source	IPRange1 (192.168.2.220- 192.168.2.230)	You can use the existing definition or create the new definition for the IP Range.
Service	Any	Service is identified based in source port or destination port or both. Here any means all services are allowed.
Route type	Interface Route	Traffic would be forwarded through the only WAN Interfaces
Target	Target :-eth1 Secondary Target :-eth2	Traffic would be forwarded via eth1, only if eth1 fails then only traffic would be forwarded through eth2.
Time category	TimePolicy	PBR rule is effective for a specific time mentioned in this policy.(I.e. 8:00 to 20:00)
Destination Network	Any	Destination network is set to any Network.

Click Apply to create rule.

Scenario 2: Service Based Routing

 

- These kind of PBR rule appeal to the traffic which is requesting for specific services.

-Based on the requirement, need to select the specific service definition. For Example Customer wants to create PBR for SMTP traffic.

(For Better understanding refer above Diagram 1)

Configuration

Login to Seqrite UTM Web Admin Console using Administrator profile and go to Network  Routing  Policy Based. Toggle the status button to enable the PBR status & then Add a PBR Rule using following parameters.

- Configure PBR rule for all SMTP traffic to be routed through eth1 interface.

Parameter	Value	Description
Name	ServicePBR	Specify the name to identify the rule.
Position	2	As per provided position value, this PBR rule should be applied to the network traffic with Second priority.
Source Interface	Eth0	PBR rule will be applied for the defined source Packets which are coming from interface eth0.
Source Type	Network	Network Traffic from defined Source network is allowed
Source	Local	Local policy defines 192.168.10.0/24 network
Service	SMTP	PBR rule will be applied only for SMTP service requests.
Route type	Interface Route	Traffic would be forwarded through the only WAN Interfaces
Target	Target :-eth1 Secondary Target :-eth2	Traffic would be forwarded via eth1,only if eth1 fails then only traffic would be forwarded through eth2.
Time category	TimePolicy	PBR rule is effective for a specific time mentioned in this policy.(I.e. 8:00 to 20:00)
Destination Network	Any	Destination network is set to any Network.

Click Apply to create rule.

Scenario 3: Destination Based Routing

 

- These kind of PBR rule appeal to the network traffic which is destined for specific Network/Host.

-it allows all traffic destined towards/originating from Web Server to be routed through Specific Gateway.

(For Better understanding refer above Diagram 1)

Configuration

Login to Seqrite UTM Web Admin Console using Administrator profile and go to Network > Routing > Policy Based.Toggle the status button to enable the PBR status & then Add a PBR Rule using following parameters.

- Configure PBR rule for all Web-server requests(originating from eth0 interface) to be routed through eth1 interface.

Parameter	Value	Description
Name	ServerPBR	Specify the name to identify the rule.
Position	3	As per provided position value, this PBR rule should be applied to the network traffic with third priority.
Source Interface	Eth0	PBR rule will be applied for the defined source Packets which are coming from interface eth0.
Source Type	Network	Network Traffic from defined Source network is allowed
Source	Local	Local policy defines 192.168.10.0/24 network
Service	Any	Service is identified based in source port or destination port or both.here any means all services are allowed.
Route type	Interface Route	Traffic would be forwarded through the only WAN Interfaces
Target	Target :-eth1 Secondary Target :-eth2	Traffic would be forwarded via eth1,only if eth1 fails then only traffic would be forwarded through eth2.
Time category	TimePolicy	PBR rule is effective for a specific time mentioned in this policy.(I.e. 8:00 to 20:00)
Destination Network	Web-server(151.101.66.217)	PBR rule will be applied for the traffic which is destined towards the network, which is predefined in Web-server policy.

-Click Apply to create rule.

-While creating the policy based routing rule for network traffic, we can specify the any combination of Source based, Service based & Destination based routing depending on the treatment that we want to apply on traffic.

Note: - We can configure above settings based on the IP address and FQDN is not supported.

Please contact Seqrite Technical Support for more assistance