Policy-based routing rules are normally used to define a specific route to the Internet for certain hosts and/or services. For example, an organization that uses two Internet providers may need to route all HTTP traffic via provider 1 and all the rest via provider 2. To do that, it would set the Internet gateway of provider 2 as the default gateway and configure a policy-based routing rule for HTTPS traffic via the gateway of provider 1.
Note
PBR rules do not replace NAT rules or affect how they work. For network address translation, place a corresponding NAT rule after a PBR rule.
Note
The rules are applied top to bottom in their listing order. Only the first rule in which all conditions are matched is applied. This means that more specific rules must be placed higher in the list than more general ones. To change the order in which the rules will be applied, use the Up/Down and Top/Bottom buttons or drag and drop the rules with the mouse.
Note
The Negate checkbox changes the condition to the opposite, which corresponds to a Boolean NOT (negation).
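The ordering and Negate notes above can be illustrated with the following added example, which is not UserGate code or its API. It models a rule list reduced to a source network and a service, evaluates it first-match, and flags rules that can never fire because an earlier, more general rule covers them. All rule names, gateway names, and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:                      # simplified model of a rule (assumption)
    name: str
    gateway: str
    src: tuple = ()              # CIDR strings; empty means any source
    src_negate: bool = False     # Negate checkbox on the Source condition
    services: tuple = ()         # service names; empty means any service

def src_matches(rule, ip):
    if not rule.src:
        return True
    hit = any(ip_address(ip) in ip_network(n) for n in rule.src)
    return hit != rule.src_negate          # Negate is a Boolean NOT

def first_match(rules, src_ip, service, default="default-gw"):
    """Top to bottom: only the first rule whose conditions all match applies."""
    for r in rules:
        if src_matches(r, src_ip) and (not r.services or service in r.services):
            return r.name, r.gateway
    return None, default                   # no rule matched: default gateway

def shadowed(rules):
    """Rules fully covered by an earlier rule (conservative: skips Negate)."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.src_negate or later.src_negate:
                continue
            src_ok = not earlier.src or (later.src and all(
                any(ip_network(l).subnet_of(ip_network(e)) for e in earlier.src)
                for l in later.src))
            svc_ok = not earlier.services or (
                later.services and set(later.services) <= set(earlier.services))
            if src_ok and svc_ok:
                out.append(later.name)
                break
    return out

# Constructed rule lists: the same two rules in the wrong and the right order.
WEB = Rule("all-web", "gw-isp1", services=("HTTP", "HTTPS"))
FIN = Rule("finance-https", "gw-isp2", src=("10.0.5.0/24",), services=("HTTPS",))
BAD, GOOD = [WEB, FIN], [FIN, WEB]

if __name__ == "__main__":
    print(first_match(BAD, "10.0.5.7", "HTTPS"), shadowed(BAD))
    print(first_match(GOOD, "10.0.5.7", "HTTPS"), shadowed(GOOD))
```

Running a check like this against an exported rule list before reordering shows which specific rules are unreachable and would silently fall through to a broader gateway choice.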
To create a policy-based routing rule, go to the Network policies --> NAT and routing section, click Add, and provide the desired settings.
Name | Description |
---|---|
Enabled | Enables or disables the rule. |
Name | The name of the rule. |
Description | A description of the rule. |
Type | Select Policy-Based Routing. |
Gateway | Select one of the existing gateways. You can add a gateway in the Network --> Gateways section. Important! The selected gateway may belong to a specific virtual router. |
Logging | Logs traffic information when the rule is triggered. The available options are: |
Source | The zone, IP address lists, GeoIP address lists, or URL lists of the traffic source. The URL list must include only domain names. Every 5 minutes UserGate resolves domain names into IP addresses and stores the result in the internal cache for the DNS record's time-to-live (TTL). When the TTL expires, UserGate automatically updates the IP address value. Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15. Important! If MAC addresses are specified, the Negate checkbox will not work. Important! Traffic processing is performed with the following statements: |
Destination | The zone, IP address lists, GeoIP address lists, or URL lists of the traffic destination. The URL list must include only domain names. Every 5 minutes UserGate resolves domain names into IP addresses and stores the result in the internal cache for the DNS record's time-to-live (TTL). When the TTL expires, UserGate automatically updates the IP address value. Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15. Important! Traffic processing is performed with the following statements: |
Service | The service type, such as HTTP, HTTPS or other. |
Usage | The rule triggering statistics: the total number of triggers, the time of the first and last triggers. To reset statistics, select rules in the list and click Reset hit counts. |
History | The time when the rule was created and last modified, as well as the event log entries related to this rule: adding, updating the rule, changing the position of the rule in the list, etc. |