Overview


Policy based routing extends the scope of static routes by providing more flexible traffic handling capabilities. It allows routing based upon source address, service/application, and Destination address. Hence, it offers granular control for forwarding packets based upon a number of user defined variables like: Destination, Source, Application, User, Service or any combination of these.


This article contains Three (3) scenarios with which you can configure policy-based routing.

- Source Based Routing

- Service Based Routing

- Destination Based Routing


Below is Network Scenario (Diagram 1)



Scenario 1: Source Based Routing


- Configure all traffic originating from the Predefined Source Type.

- Below are the list of Source types that are supported by the Seqrite UTM device.

(For Better understanding refer above Diagram 1)



Configuration


Login to Seqrite UTM Web Admin Console using Administrator profile and go to Network > Routing > Policy Based. Toggle the status button to enable the PBR status & then Add a PBR Rule using following parameters considering source IP range is 192.168.2.220- 192.168.2.230 from LAN network 192.168.2.0/24.


Parameter

Value

Description

Name
PBRForIPRange
Specify the name to identify the rule.
Position
1
As per provided position value, this PBR rule should be applied to the network traffic with first priority.
Source Interface
Eth0
PBR rule will be applied for the defined source Packets which are coming from interface eth0.
Source Type
IP-Range
Selected Source type as a IP-Range, from different types supported by device.
Source
IPRange1 (192.168.2.220- 192.168.2.230)
You can use the existing definition or create the new definition for the IP Range.
Service
Any
Service is identified based in source port or destination port or both. Here any means all services are allowed.
Route type
Interface Route
Traffic would be forwarded through the only WAN Interfaces
Target
Target :-eth1
Secondary Target :-eth2
Traffic would be forwarded via eth1, only if eth1 fails then only traffic would be forwarded through eth2.
Time category
 TimePolicy
PBR rule is effective for a specific time mentioned in this policy.(I.e. 8:00 to 20:00)
Destination Network
Any
Destination network is set to any Network.

























Click Apply to create rule.


Scenario 2: Service Based Routing

 

- These kind of PBR rule appeal to the traffic which is requesting for specific services.

-Based on the requirement, need to select the specific service definition. For Example Customer wants to create PBR for SMTP traffic.

(For Better understanding refer above Diagram 1)



Configuration


Login to Seqrite UTM Web Admin Console using Administrator profile and go to NetworkRoutingPolicy Based. Toggle the status button to enable the PBR status & then Add a PBR Rule using following parameters.


- Configure PBR rule for all SMTP traffic to be routed through eth1 interface.


Parameter

Value

Description

Name
ServicePBR
Specify the name to identify the rule.
Position
2
As per provided position value, this PBR rule should be applied to the network traffic with Second priority.
Source Interface
Eth0
PBR rule will be applied for the defined source Packets which are coming from interface eth0.
Source Type
Network
Network Traffic from defined Source network is allowed
Source
Local
Local policy defines 192.168.10.0/24 network
Service
SMTP
PBR rule will be applied only for SMTP service requests.
Route type
Interface Route
Traffic would be forwarded through the only WAN Interfaces
Target
Target :-eth1
Secondary Target :-eth2
Traffic would be forwarded via eth1,only if eth1 fails then only traffic would be forwarded through eth2.
Time category
 TimePolicy
PBR rule is effective for a specific time mentioned in this policy.(I.e. 8:00 to 20:00)
Destination Network
Any
Destination network is set to any Network.






















Click Apply to create rule.


Scenario 3: Destination Based Routing

 

- These kind of PBR rule appeal to the network traffic which is destined for specific Network/Host.

-it allows all traffic destined towards/originating from Web Server to be routed through Specific Gateway.

(For Better understanding refer above Diagram 1)


Configuration


Login to Seqrite UTM Web Admin Console using Administrator profile and go to Network > Routing > Policy Based.Toggle the status button to enable the PBR status & then Add a PBR Rule using following parameters.

- Configure PBR rule for all Web-server requests(originating from eth0 interface) to be routed through eth1 interface.


Parameter

Value

Description

Name
ServerPBR
Specify the name to identify the rule.
Position
3
As per provided position value, this PBR rule should be applied to the network traffic with third priority.
Source Interface
Eth0
PBR rule will be applied for the defined source Packets which are coming from interface eth0.
Source Type
Network
Network Traffic from defined Source network is allowed
Source
Local
Local policy defines 192.168.10.0/24 network
Service
Any
Service is identified based in source port or destination port or both.here any means all services are allowed.
Route type
Interface Route
Traffic would be forwarded through the only WAN Interfaces
Target
Target :-eth1
Secondary Target :-eth2
Traffic would be forwarded via eth1,only if eth1 fails then only traffic would be forwarded through eth2.
Time category
 TimePolicy
PBR rule is effective for a specific time mentioned in this policy.(I.e. 8:00 to 20:00)
Destination Network
Web-server(151.101.66.217)
PBR rule will be applied for the traffic which is destined towards the network, which is predefined in Web-server policy.
























-Click Apply to create rule.


-While creating the policy based routing rule for network traffic, we can specify the any combination of Source based, Service based & Destination based routing depending on the treatment that we want to apply on traffic.


Note: - We can configure above settings based on the IP address and FQDN is not supported.


For assistance please write us @ UTMSupport@Seqrite.com