Using Access rules for application routing
Access rules for application routing match based on the network application that is detected in the traffic.
When you use Access rules for application routing, you can select which VPN traffic uses depending on the network applications detected in the traffic. For example, you can:
- Route traffic from specific network applications through the local Internet connection, and route other business traffic through a VPN to a data center using another connection, such as MPLS.
- Direct all traffic related to a specific network application to one ISP connection, and reserve the other ISP connection for more important traffic.
For example, you can direct YouTube traffic to a low-cost ISP connection, and direct business-critical traffic to a faster, but more expensive ISP connection.
Important: After the routing decision has been made, the NGFW Engine might later identify a different application in
the connection. If the application that is detected would cause a different routing decision to be made, the connection might be discarded.
Using Access rules for application routing has the following limitations:
- You can only use Network Application elements that have the Application Routing tag.
- You cannot use rules that match based on the network application to apply Sidewinder Proxies to traffic.