There are three Policy Types for policy-based routing:
Split Tunnel, Tunnel All, and
Custom. When routing is enabled and SD-WAN is disabled,
you can use any of these routing policy types. When both routing and SD-WAN are
enabled, you can only define custom routing rules. The Split
Tunnel or Tunnel All options involve fewer
routing considerations. If you configure the router to use Split
Tunnel, the router applies the split tunnel template to the traffic,
forwarding corporate traffic through the VPN tunnel and forwarding Internet traffic
through the preferred interface to the Internet. If you configure the router to use
Tunnel All, the router forwards corporate traffic through
the VPN interface, but drops Internet traffic.
-
Select Enable Routing
Policy under the Router Settings
tab.
-
If not selecting an existing policy, select ADD.
-
Enter a name.
-
Enter an optional description.
-
Select a Policy Type:
- Split
Tunnel: Use the Forwarding
Action drop-down list to choose the forwarding interface
to drop or forward traffic to the Internet. Choose a Backup Forwarding
Action secondary interface from the drop-down list to
drop or forward traffic to the Internet in the event that the primary
interface goes down.
- None: Takes no forwarding action.
- Primary
WAN: Routes traffic through the interface
designated as the primary WAN interface in the device template.
By default, the primary WAN interface on an Extreme Networks
branch router is ETH0.
- Backup
WAN-1: Routes traffic through the interface
designated as the backup WAN interface in the device
template.
- Backup
WAN-2: Routes traffic through the interface
designated as the secondary backup WAN interface when there are
three interfaces in WAN mode. By default, the Backup WAN-2
interface on a router is the wireless USB modem.
- VPN: Routes traffic through the tunnel
interface on a router that connects a branch site to the
corporate site through an IPsec VPN tunnel.
- Drop: Drops traffic rather than forwarding
it.
Note
The routes for
Forwarding Action and
Backup
Forwarding Action cannot be the same.
- Tunnel
All: Read-only.
-
If you choose the Custom Policy
Type, select Add and select these
options:
-
Choose a Source Type:
- Any: Use when you want a routing policy rule to
apply to traffic from any source.
- Network: Use when you want a rule to apply to
traffic from an entire subnetwork, such as a network reserved
for contractors and guests.
- IP
Range: Use when you want a rule to apply to
traffic from a range of IP addresses, such as the addresses in a
DHCP pool reserved for a specific group of users.
- Interface: Use when you want to apply a rule to
all traffic arriving at a specific interface.
- User
Profile: Use when you want to apply rules to
specific types of users.
- Application Service Set: Use to apply rules to
specific application types.
-
Choose a traffic Destination.
- Any: The rule applies to any traffic
destination.
- Network Address: Sets a specific host name,
subnet, or IP address range as the destination.
- Private: The rule applies to traffic destined
to the corporate network (VPN).
-
Select Forwarding Actions and Backup
Forwarding Actions as described under Split
Tunnel above.
-
To configure Path MTU
Discovery, see Configure Path MTU Discovery.
-
For more information, see Configure a Router Firewall Policy, Configure Dynamic DNS, and Configure URL Filtering Rules.
Continue configuring the network policy.