topic Re: PBR Rules in Firewall and Security Management

PBR Rules

Matlu — Wed, 18 Oct 2023 23:11:51 GMT

Hello, everyone.

I currently have 2 links in our GW.

ISP + MPLS

We have a VLAN 192.168.8.0/24, which currently travels over the MPLS link.
From this VLAN, we have 1 IP 192.168.8.130 to which we have configured 1 PBR so that it's traffic can be output to the Internet, through the ISP link.

The problem is that having configured this PBR rule, the IP in question has lost connectivity with other VLANs that were already working prior to the configuration.

Is there any way to achieve through the PBR, tell the GW to only apply the PBR for Internet traffic (such as HTTPS, HTTP, DNS), and that any other traffic continues to work with the normal routing table?

Thanks for any comments.

Re: PBR Rules

the_rock — Thu, 19 Oct 2023 03:08:25 GMT

I think simple network diagram would help here.

Andy

Re: PBR Rules

Wolfgang — Thu, 19 Oct 2023 06:26:37 GMT

You can use a lot of parameters in your PBR, see Policy-Based Routing and Application-Based Routing in Gaia (checkpoint.com)

Inbound Interface at which a packet arrives.
Source IPv4 address and subnet mask.
Destination IPv4 address and subnet mask.
Destination Service Port Number (e.g., FTP, SSH, Telnet).
Protocol Number (e.g., TCP, UDP, ICMP).
Firewall Rule Number (introduced as a hidden feature in R80.40 for Application-Based Routing, such as Office365).