Configure policy routing

Policy routing allows you to route traffic based on both source and destination IP address. Policy routing is useful when you want to configure a different route for a destination based on the source address.

To configure alternative routes to the same destination, use route metrics, ECMP, or Multi-Link routing.

In most cases, there is no need to add policy routing entries. Policy routing entries are applied before the regular routes defined in the Routing tree (overriding those configurations if matches are found). They are processed exactly in the order specified in the Policy Routing view; the first matching policy routing entry is applied to a connection and any further entries are ignored.

Policy routing entries are not automatically added to the antispoofing configuration, so you might need to update antispoofing manually.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click an NGFW Engine, then select Edit <element type>.
  3. Browse to Routing > Policy Routing.
  4. Click Add.
  5. Double-click the cells in the table to enter the routing information.
    Note: Routing is done after NAT is applied.
  6. Click Save and Refresh to transfer the changed configuration.

Engine Editor > Routing > Policy Routing

Use this branch to define policy routing for the NGFW Engine.

Option Definition
IPv4 Policy Routes or IPv6 Policy Routes Enter the routing information in the appropriate table. Click Add to add a row to the table, or Remove to remove the selected row. Click Up or Down to move the selected element up or down.
Source IP Address Enter the source IP address. This IP address is always something other than the default 0.0.0.0 that matches any IP address. Such configurations can be handled more easily with the normal routing tools in the Routing pane.
Source Netmask

(IPv4 only)

Enter the netmask for the source IP address.
Source Prefix

(IPv6 only)

Enter the network prefix for the source IP address.
Destination IP Address Enter the destination IP address.
Destination Netmask

(IPv4 only)

Enter the netmask for the destination IP address.
Destination Prefix

(IPv6 only)

Enter the network prefix for the destination IP address.
Gateway IP Address Enter the IP address of the device to which packets that match the source/destination pair are forwarded.
Comment

(Optional)

 A comment for your own reference.