Configure a Routing Policy

Before you begin

Create a Network Policy. For more information about router policies, see About Router Settings.

About this task

There are three Policy Types for policy-based routing: Split Tunnel, Tunnel All, and Custom. When routing is enabled and SD-WAN is disabled, you can use any of these routing policy types. When both routing and SD-WAN are enabled, you can only define custom routing rules. The Split Tunnel or Tunnel All options involve fewer routing considerations. If you configure the router to use Split Tunnel, the router applies the split tunnel template to the traffic, forwarding corporate traffic through the VPN tunnel and forwarding Internet traffic through the preferred interface to the Internet. If you configure the router to use Tunnel All, the router forwards corporate traffic through the VPN interface, but drops Internet traffic.

Procedure

  1. Select Enable Routing Policy under the Router Settings tab.
  2. If not selecting an existing policy, select ADD.
  3. Enter a name.
  4. Enter an optional description.
  5. Select a Policy Type:
    • Split Tunnel: Use the Forwarding Action drop-down list to choose the forwarding interface to drop or forward traffic to the Internet. Choose a Backup Forwarding Action secondary interface from the drop-down list to drop or forward traffic to the Internet in the event that the primary interface goes down.
      • None: Takes no forwarding action.
      • Primary WAN: Routes traffic through the interface designated as the primary WAN interface in the device template. By default, the primary WAN interface on an Extreme Networks branch router is ETH0.
      • Backup WAN-1: Routes traffic through the interface designated as the backup WAN interface in the device template.
      • Backup WAN-2: Routes traffic through the interface designated as the secondary backup WAN interface when there are three interfaces in WAN mode. By default, the Backup WAN-2 interface on a router is the wireless USB modem.
      • VPN: Routes traffic through the tunnel interface on a router that connects a branch site to the corporate site through an IPsec VPN tunnel.
      • Drop: Drops traffic rather than forwarding it.
      Note

      Note

      The routes for Forwarding Action and Backup Forwarding Action cannot be the same.
    • Tunnel All: Read-only.
  6. If you choose the Custom Policy Type, select Add and select these options:
    1. Choose a Source Type:
      • Any: Use when you want a routing policy rule to apply to traffic from any source.
      • Network: Use when you want a rule to apply to traffic from an entire subnetwork, such as a network reserved for contractors and guests.
      • IP Range: Use when you want a rule to apply to traffic from a range of IP addresses, such as the addresses in a DHCP pool reserved for a specific group of users.
      • Interface: Use when you want to apply a rule to all traffic arriving at a specific interface.
      • User Profile: Use when you want to apply rules to specific types of users.
      • Application Service Set: Use to apply rules to specific application types.
    2. Choose a traffic Destination.
      • Any: The rule applies to any traffic destination.
      • Network Address: Sets a specific host name, subnet, or IP address range as the destination.
      • Private: The rule applies to traffic destined to the corporate network (VPN).
    3. Select Forwarding Actions and Backup Forwarding Actions as described under Split Tunnel above.
  7. To configure Path MTU Discovery, see Configure Path MTU Discovery.
  8. For more information, see Configure a Router Firewall Policy, Configure Dynamic DNS, and Configure URL Filtering Rules.

What to do next

Continue configuring the network policy.