FortiGate
Article Id 197987

Policy Based routing example

In the following example, client PCs on the Internal and DMZ2 networks must have all of their outgoing HTTP and HTTPS traffic redirected to an HTTP proxy on the DMZ network. The HTTP proxy then establishes the connection to the Internet on behalf of these web clients. All other traffic that originates from these client PCs must egress directly through the External interface to the Internet.

The Port1 and Port2 interfaces are configured with static IP addresses, and 'Ping Server' is configured on each interface. Two default routes with the same distance are also configured.
 
For further information, refer to the related articles "Conditions and Caveats of Policy Based Routing (MR7 and MR8)" and "Conditions and Caveats of Policy Based Routing (MR9)".

Policy routing diagram.

The order of the route policies presented below is important, because the rules are matched in order from the first entry to the last.

config router static
    edit 1
        set device "port1"
        set gateway x.x.x.x
    next
    edit 3
        set device "port2"
        set gateway y.y.y.y
    next
end

config router policy
    edit 1
        set end_port 80
        set input_device "port4"
        set output_device "port2"
        set protocol 6
        set start_port 80
    next
    edit 2
        set end_port 443
        set input_device "port4"
        set output_device "port2"
        set protocol 6
        set start_port 443
    next
    edit 3
        set input_device "port4"
        set output_device "port1"
    next
    edit 4
        set end_port 80
        set input_device "port3"
        set output_device "port2"
        set protocol 6
        set start_port 80
    next
    edit 5
        set end_port 443
        set input_device "port3"
        set output_device "port2"
        set protocol 6
        set start_port 443
    next
    edit 6
        set input_device "port3"
        set output_device "port1"
    next
    edit 7
        set input_device "port2"
        set output_device "port1"
    next
end
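
The first-match behaviour noted above can be checked offline. The following Python model is an added example, not Fortinet code: it replays the seven policy routes in order and flags any rule that an earlier rule makes unreachable, such as when a per-interface catch-all is placed above the HTTP/HTTPS rules and web traffic no longer reaches the proxy-facing port2. It assumes that an entry without "set protocol" matches any protocol and that ports are compared only when a protocol is set; MISORDERED is a constructed rule order.

```python
from dataclasses import dataclass
TCP = 6  # IP protocol number, as in "set protocol 6"

@dataclass(frozen=True)
class PolicyRoute:
    seq: int
    input_device: str
    output_device: str
    protocol: int = 0      # 0 = any protocol (modelling assumption)
    start_port: int = 1
    end_port: int = 65535

    def matches(self, in_dev, proto, dport=None):
        if in_dev != self.input_device:
            return False
        return self.protocol == 0 or (
            proto == self.protocol and dport is not None
            and self.start_port <= dport <= self.end_port)

    def covers(self, other):  # True if self matches every packet other matches
        if self.input_device != other.input_device:
            return False
        return self.protocol == 0 or (
            self.protocol == other.protocol
            and self.start_port <= other.start_port
            and other.end_port <= self.end_port)

# The seven entries from the configuration above, in the page's order.
PAGE_RULES = [
    PolicyRoute(1, "port4", "port2", TCP, 80, 80),
    PolicyRoute(2, "port4", "port2", TCP, 443, 443),
    PolicyRoute(3, "port4", "port1"),
    PolicyRoute(4, "port3", "port2", TCP, 80, 80),
    PolicyRoute(5, "port3", "port2", TCP, 443, 443),
    PolicyRoute(6, "port3", "port1"),
    PolicyRoute(7, "port2", "port1"),
]
# Constructed mis-ordering: port4 catch-all placed ahead of its HTTP/HTTPS rules.
MISORDERED = [PAGE_RULES[2], PAGE_RULES[0], PAGE_RULES[1]] + PAGE_RULES[3:]

def egress(rules, in_dev, proto, dport=None):
    """(seq, output_device) of the first matching rule, or None if none match."""
    return next(((r.seq, r.output_device) for r in rules
                 if r.matches(in_dev, proto, dport)), None)

def shadowed(rules):
    """Sequence numbers of rules an earlier rule makes unreachable."""
    return [r.seq for i, r in enumerate(rules)
            if any(prev.covers(r) for prev in rules[:i])]
```

With the page's order no rule is shadowed; in the constructed mis-ordering, entries 1 and 2 are reported as unreachable and TCP/80 from port4 follows the catch-all to port1.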
