Policy-based routing rules let you specify a dedicated route to the Internet for certain hosts and/or services. For example, suppose your company uses 2 ISPs and you want all HTTP/HTTPS traffic forwarded via ISP1 while ISP2 handles the remaining traffic. To do this, specify the Internet gateway of ISP2 as the default gateway and then create a new rule that forwards all HTTP/HTTPS traffic to a gateway of ISP1.

Important! Rules are applied from top to bottom, in the same order as they are displayed in the console. The system always applies only the first rule for which all criteria are met. This means that the most specific rules must be in the upper part of the list, while the broader rules must be at the bottom. To change the order of rules, use the Up/Down buttons.

Important! A rule is applied only when all of its specified conditions are met. The Negate checkbox inverts a condition, i.e. it corresponds to logical negation (NOT).

To create a new routing rule, click Add in the Network policies --> NAT and routing section and specify the following parameters.

Name | Description |
---|---|
Enabled | Enables or disables a rule |
Name | Rule name |
Comment | Description of a rule |
Type | Select Policy-based routing |
Enable logging | Logs information about traffic when a rule is triggered. The following modes can be used: |
Gateway | Select an existing gateway. You can add more gateways in Network --> Gateways. |
Source | A source zone and/or a list of source IP or MAC addresses for the traffic. I |
Destination | A destination zone and/or a list of destination IP addresses for the traffic. |
Services | Service type, e.g. HTTP, HTTPS, etc. |
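
The first-match ordering and the Negate checkbox described above can be checked offline before a rule list goes live. The following is an added example, not the product's own code: a simplified Python model of the evaluation in which the `Rule` class, the rule names, the guest subnet `10.0.50.0/24` and the sample flows are all assumptions made for illustration. It shows how a broad rule placed above a specific one silently sends traffic out of the wrong gateway.

```python
"""Simplified model of first-match policy-based routing (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    gateway: str
    sources: tuple = ()          # CIDR strings; empty means any source
    services: tuple = ()         # service names; empty means any service
    negate_source: bool = False  # models the Negate checkbox on Source
    enabled: bool = True

    def matches(self, src, service):
        if not self.enabled:
            return False
        src_ok = True
        if self.sources:
            hit = any(ip_address(src) in ip_network(n) for n in self.sources)
            src_ok = hit != self.negate_source   # Negate inverts the condition
        svc_ok = not self.services or service in self.services
        return src_ok and svc_ok                 # all conditions must hold

def route(rules, src, service, default_gateway):
    """Return (gateway, rule name) for the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(src, service):
            return rule.gateway, rule.name
    return default_gateway, None

def shadowed(rules, samples, default_gateway):
    """Names of enabled rules that never win for any of the sample flows."""
    winners = {route(rules, s, svc, default_gateway)[1] for s, svc in samples}
    return [r.name for r in rules if r.enabled and r.name not in winners]

# Constructed sample: ISP2 is the default gateway and web traffic goes to ISP1,
# except web traffic from a hypothetical guest subnet, which must stay on ISP2.
WEB = ("HTTP", "HTTPS")
GOOD = [
    Rule("guest-web-isp2", "ISP2", sources=("10.0.50.0/24",), services=WEB),
    Rule("web-isp1", "ISP1", services=WEB),
]
BAD = list(reversed(GOOD))   # broad rule on top shadows the specific one
NEGATED = [Rule("web-not-guest", "ISP1", ("10.0.50.0/24",), WEB, negate_source=True)]
SAMPLES = [("10.0.50.7", "HTTPS"), ("10.0.1.20", "HTTP"), ("10.0.1.20", "SSH")]

if __name__ == "__main__":
    for label, rules in (("GOOD", GOOD), ("BAD", BAD), ("NEGATED", NEGATED)):
        print(label, [route(rules, s, svc, "ISP2") for s, svc in SAMPLES])
```

`shadowed()` only reports rules that never win for the flows you supply, so the sample list should include at least one flow that each rule is intended to catch.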