Configuring Policy-Based Routing

Use the Networking > Routing > Policy Based Routing page to configure Policy-Based Routing (PBR). PBR binds an internal IP address and/or a service to a specific WAN port, which provides more flexible and granular traffic handling. Up to 100 Policy-Based Routing rules can be configured on the security appliance.

This feature can be used to segregate traffic between links of different speeds. High-volume traffic can be routed through the port connected to a high-speed link, and low-volume traffic can be routed through the port connected to the slow link. For example, although HTTP traffic is typically routed through WAN1, by using PBR you can bind the HTTP protocol to WAN1 and bind the FTP protocol to WAN2. In this case, the security appliance automatically channels FTP data through WAN2.

If multiple routing features operate simultaneously, the security appliance first matches the Policy-Based Routing rules, and then matches the Static Routing and default routing rules. For example, if the WAN redundancy is set to Weighted Dual WAN Settings and both Policy-Based Routing and Static Routing rules are configured, the routing priority works as follows:

1. If traffic cannot match the Policy-Based Routing or Static Routing rules, traffic follows the Weighted Dual WAN Settings.

2. If traffic A matches the Policy-Based Routing or Static Routing rules, it will first be handled by the Policy-Based Routing or Static Routing rules, while other traffic follows the Weighted Dual WAN Settings.

NOTE: Make sure that you configure a secondary WAN connection and that the WAN redundancy is set to Dual WAN Settings or Routing Table mode before you configure the Policy-Based Routing settings.

 1. Click On to enable PBR, or click Off to disable it.

 2. To add a new PBR rule, click Add. To edit an entry, click the Edit (pencil) icon.

Other options: To delete an entry, click the Delete (x) icon.

 3. Enter the following information:

 • From: Choose the VLAN that traffic originates from.

 • Service: For service binding only, choose an existing service. For IP binding only, choose All Traffic. If the service that you want is not in the list, choose Create a new service to create a new service object. To maintain the service objects, go to the Networking > Service Management page. See Service Management.

 • Source IP: For service binding only, choose Any. For IP binding only, choose the source IP address for outbound traffic. If the address object that you want is not in the list, choose Create a new address to create a new address object. To maintain the address objects, go to the Networking > Address Management page. See Address Management.

 • Destination IP: For service binding only, choose Any. For IP binding only, choose the destination IP address for outbound traffic.

 • DSCP: Choose the DSCP value to assign the traffic priority.

 • Route to: Choose the WAN port that outbound traffic routes to.

 • Failover: Click On to enable WAN Failover, or click Off to disable it. When the selected WAN port for routing is down, enabling Failover will forward traffic to the backup WAN.

NOTE: When one WAN connection is down (a connection failure is detected by ping or DNS query) and the Failover feature of PBR is disabled, traffic will be dropped.

 4. Click OK to save your settings and close the pop-up window.

 5. Click Save to apply your settings.

NOTE: After you apply your settings, the modified PBR settings will take effect immediately for any new sessions, but not for the existing sessions. You can manually clear the existing sessions on the Firewall > Session Limits page to apply the PBR settings immediately for all new sessions.
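The following added example is not code from the security appliance or its vendor. It models the rule fields and the Failover behavior described above so that a planned rule set can be checked for which flows are dropped and which leave through the backup port when a WAN port is down. First-match rule order, the VLAN name DEFAULT, and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class PbrRule:
    vlan: str        # "From"
    service: str     # "Service"; "All Traffic" matches every service
    src: str         # "Source IP": "Any" or a network in CIDR form
    dst: str         # "Destination IP": "Any" or a network in CIDR form
    route_to: str    # "Route to": bound WAN port
    failover: bool   # "Failover" On/Off

def _ip_ok(field, addr):
    return field == "Any" or ip_address(addr) in ip_network(field)

def matches(rule, vlan, service, src, dst):
    return (rule.vlan == vlan
            and rule.service in ("All Traffic", service)
            and _ip_ok(rule.src, src) and _ip_ok(rule.dst, dst))

def select_egress(rules, wan_up, vlan, service, src, dst):
    """Return (egress_port_or_None, reason) for a new session."""
    for rule in rules:  # assumption: rules are checked in list order, first match wins
        if not matches(rule, vlan, service, src, dst):
            continue
        if wan_up[rule.route_to]:
            return rule.route_to, "pbr"
        if rule.failover:
            # Bound port is down: use any other WAN port that is up.
            backup = next((w for w, up in wan_up.items()
                           if up and w != rule.route_to), None)
            return (backup, "pbr-failover") if backup else (None, "drop")
        return None, "drop"  # Failover Off and the bound port is down
    # No PBR rule matched: static, default or weighted dual WAN routing decides.
    return None, "no-pbr-match"

# Constructed sample: the HTTP/FTP binding from the text; VLAN name is hypothetical.
SAMPLE_RULES = [
    PbrRule("DEFAULT", "HTTP", "Any", "Any", "WAN1", failover=True),
    PbrRule("DEFAULT", "FTP", "Any", "Any", "WAN2", failover=False),
]

if __name__ == "__main__":
    flow = ("DEFAULT", "FTP", "192.0.2.10", "198.51.100.5")
    for status in ({"WAN1": True, "WAN2": True}, {"WAN1": True, "WAN2": False}):
        print(status, "->", select_egress(SAMPLE_RULES, status, *flow))
```

A rule with Failover On keeps the service available but lets traffic that was bound to one link leave through the other; a rule with Failover Off keeps the binding strict at the cost of dropping that traffic while the port is down.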