Overview
Policy-based routing (PBR) extends static routing by providing more flexible traffic handling. It allows routing decisions based on source address, service/application, and destination address, giving granular control over packet forwarding using user-defined variables such as destination, source, application, user, service, or any combination of these.
Applicable Version: All
This article contains three (3) scenarios for configuring policy-based routing.
- Source Based Routing
- Service Based Routing
- Destination Based Routing
Below is Network Scenario (Diagram 1)
Scenario 1: Source Based Routing
- Configure all traffic originating from the predefined source type.
- Below is the list of source types supported by the Seqrite UTM device.
(For better understanding, refer to Diagram 1 above.)
Configuration
Log in to the Seqrite UTM Web Admin Console using the Administrator profile and go to Network > Routing > Policy Based. Toggle the status button to enable PBR, then add a PBR rule using the following parameters. This example assumes a source IP range of 192.168.2.220-192.168.2.230 from the LAN network 192.168.2.0/24.
Parameter | Value | Description |
Name | PBRForIPRange | Specify the name to identify the rule. |
Position | 1 | Per the position value, this PBR rule is applied to network traffic with first priority. |
Source Interface | Eth0 | The PBR rule is applied to packets from the defined source that arrive on interface eth0. |
Source Type | IP-Range | IP-Range is selected as the source type from the types supported by the device. |
Source | IPRange1 (192.168.2.220-192.168.2.230) | You can use an existing definition or create a new definition for the IP range. |
Service | Any | A service is identified by source port, destination port, or both. Here, Any means all services are allowed. |
Route type | Interface Route | Traffic is forwarded only through the WAN interfaces. |
Target | Target: eth1; Secondary Target: eth2 | Traffic is forwarded via eth1; only if eth1 fails is traffic forwarded through eth2. |
Time category | TimePolicy | The PBR rule is effective only during the time specified in this policy (i.e. 8:00 to 20:00). |
Destination Network | Any | Destination network is set to any Network. |
Click Apply to create rule.
Scenario 2: Service Based Routing
- This kind of PBR rule applies to traffic requesting specific services.
- Based on the requirement, select the specific service definition. For example, a customer wants to create a PBR rule for SMTP traffic.
(For better understanding, refer to Diagram 1 above.)
Configuration
Log in to the Seqrite UTM Web Admin Console using the Administrator profile and go to Network > Routing > Policy Based. Toggle the status button to enable PBR, then add a PBR rule using the following parameters.
- Configure a PBR rule for all SMTP traffic to be routed through the eth1 interface.
Parameter | Value | Description |
Name | ServicePBR | Specify the name to identify the rule. |
Position | 2 | Per the position value, this PBR rule is applied to network traffic with second priority. |
Source Interface | Eth0 | The PBR rule is applied to packets from the defined source that arrive on interface eth0. |
Source Type | Network | Network traffic from the defined source network is allowed. |
Source | Local | The Local policy defines the 192.168.10.0/24 network. |
Service | SMTP | The PBR rule is applied only to SMTP service requests. |
Route type | Interface Route | Traffic is forwarded only through the WAN interfaces. |
Target | Target: eth1; Secondary Target: eth2 | Traffic is forwarded via eth1; only if eth1 fails is traffic forwarded through eth2. |
Time category | TimePolicy | The PBR rule is effective only during the time specified in this policy (i.e. 8:00 to 20:00). |
Destination Network | Any | Destination network is set to any Network. |
Click Apply to create rule.
Scenario 3: Destination Based Routing
- This kind of PBR rule applies to network traffic destined for a specific network or host.
- It allows all traffic destined for or originating from the web server to be routed through a specific gateway.
(For better understanding, refer to Diagram 1 above.)
Configuration
Log in to the Seqrite UTM Web Admin Console using the Administrator profile and go to Network > Routing > Policy Based. Toggle the status button to enable PBR, then add a PBR rule using the following parameters.
- Configure a PBR rule for all web-server requests (originating from the eth0 interface) to be routed through the eth1 interface.
Parameter | Value | Description |
Name | ServerPBR | Specify the name to identify the rule. |
Position | 3 | Per the position value, this PBR rule is applied to network traffic with third priority. |
Source Interface | Eth0 | The PBR rule is applied to packets from the defined source that arrive on interface eth0. |
Source Type | Network | Network traffic from the defined source network is allowed. |
Source | Local | The Local policy defines the 192.168.10.0/24 network. |
Service | Any | A service is identified by source port, destination port, or both. Here, Any means all services are allowed. |
Route type | Interface Route | Traffic is forwarded only through the WAN interfaces. |
Target | Target: eth1; Secondary Target: eth2 | Traffic is forwarded via eth1; only if eth1 fails is traffic forwarded through eth2. |
Time category | TimePolicy | The PBR rule is effective only during the time specified in this policy (i.e. 8:00 to 20:00). |
Destination Network | Web-server (151.101.66.217) | The PBR rule is applied to traffic destined for the network predefined in the Web-server policy. |
- Click Apply to create the rule.
- When creating a policy-based routing rule, any combination of source-based, service-based, and destination-based routing can be specified, depending on the treatment to be applied to the traffic.
Note: The above settings can be configured based on IP address only; FQDN is not supported.
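The three rules configured above, modelled as an added Python sketch (not Seqrite code) for checking which rule a packet hits and which interface it leaves on. It assumes first match by ascending position, SMTP as destination TCP port 25, the 8:00 to 20:00 window for TimePolicy, and fallback to the normal routing table when no rule matches; the packet fields and the `links_up` set are hypothetical names.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    position: int
    src_if: str
    src: object                      # (first, last) address pair or ip_network
    dport: object = None             # None = service "Any" (assumption: match on destination port)
    dest: object = None              # None = destination "Any"
    targets: tuple = ("eth1", "eth2")            # primary, secondary
    window: tuple = (time(8, 0), time(20, 0))    # TimePolicy from the tables

    def matches(self, pkt, now):
        src = ip_address(pkt["src"])
        if isinstance(self.src, tuple):
            src_ok = self.src[0] <= src <= self.src[1]
        else:
            src_ok = src in self.src
        return (pkt["in_if"] == self.src_if and src_ok
                and self.dport in (None, pkt["dport"])
                and (self.dest is None or ip_address(pkt["dst"]) in self.dest)
                and self.window[0] <= now <= self.window[1])

LOCAL = ip_network("192.168.10.0/24")
RULES = [
    Rule("PBRForIPRange", 1, "eth0",
         (ip_address("192.168.2.220"), ip_address("192.168.2.230"))),
    Rule("ServicePBR", 2, "eth0", LOCAL, dport=25),
    Rule("ServerPBR", 3, "eth0", LOCAL, dest=ip_network("151.101.66.217/32")),
]

def route(pkt, now, links_up):
    """Return (rule name, egress interface); (None, None) means no PBR rule applies."""
    for rule in sorted(RULES, key=lambda r: r.position):   # assumption: first match wins
        if rule.matches(pkt, now):
            egress = next((t for t in rule.targets if t in links_up), None)
            return rule.name, egress
    return None, None   # assumption: traffic falls back to the normal routing table

if __name__ == "__main__":
    # Constructed packet: SMTP from the Local network to the web server.
    pkt = {"in_if": "eth0", "src": "192.168.10.5", "dst": "151.101.66.217", "dport": 25}
    print(route(pkt, time(10, 0), {"eth1", "eth2"}))   # ServicePBR wins over ServerPBR
    print(route(pkt, time(10, 0), {"eth2"}))           # eth1 down: secondary target
    print(route(pkt, time(21, 0), {"eth1", "eth2"}))   # outside TimePolicy
```

Under these assumptions, SMTP traffic to the web server is claimed by ServicePBR because of its lower position, so overlapping rules should be reviewed in position order before they are applied.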
Please contact Seqrite Technical Support for more assistance.