Alcatel-Lucent OmniSwitch AOS Release 7 Manual page 567

Network configuration guide

Policy Based Routing can be used to redirect untrusted traffic to a firewall. In this case, note that reply
packets are not allowed back through the firewall.
In this example, all traffic originating in the 10.3 network is routed through the firewall, regardless of
whether or not a route exists.
-> policy condition Traffic3 source ip 10.3.0.0 mask 255.255.0.0
-> policy action Firewall permanent gateway ip 173.5.1.254
-> policy rule Redirect_All condition Traffic3 action Firewall
Note that the functionality of the firewall is important. In the example, the firewall is sending the traffic to
be routed remotely. If you instead set up a firewall to send the traffic back to the switch to be routed, you
must set up the policy condition with a built-in source port group so that traffic coming back from the
firewall does not get looped and sent back out to the firewall.
For example:
[Figure: Routing all IP source traffic through a firewall. Labels: 10.3.0.0, OmniSwitch, 173.10.2.0, Firewall, 173.5.1.0, 174.26.1.0, 173.5.1.254]
[Figure: Using a Built-In Port Group. Labels: 10.3.0.0, OmniSwitch, 173.10.2.0, Firewall, 173.5.1.0, 174.26.1.0, 173.5.1.254]
OmniSwitch AOS Release 7 Network Configuration Guide, March 2011, page 21-75
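The loop described above can be checked with a small model of the policy match. This is an added example, not taken from the manual and not AOS code. The port names 1/1 and 2/1, the pass limit, and the function names are assumptions made for illustration.

```python
import ipaddress

FIREWALL_GW = "173.5.1.254"                      # gateway from the page's policy action
TRAFFIC3 = ipaddress.ip_network("10.3.0.0/16")   # page's condition: 10.3.0.0 mask 255.255.0.0
HOST_PORT = "1/1"        # assumed port where 10.3 hosts attach
FIREWALL_PORT = "2/1"    # assumed port where the firewall attaches
MAX_PASSES = 8           # assumed stand-in for TTL expiry


def pbr_next_hop(src_ip, ingress_port, source_port_group=None):
    """Return the policy gateway if the rule matches, else None (normal routing)."""
    if ipaddress.ip_address(src_ip) not in TRAFFIC3:
        return None
    # With a source port group, the rule applies only to packets that
    # entered the switch on a port belonging to that group.
    if source_port_group is not None and ingress_port not in source_port_group:
        return None
    return FIREWALL_GW


def trace(src_ip, source_port_group=None):
    """Follow one packet when the firewall hands traffic back to the switch."""
    path, ingress = [], HOST_PORT
    for _ in range(MAX_PASSES):
        hop = pbr_next_hop(src_ip, ingress, source_port_group)
        if hop is None:
            path.append("routed")
            return path
        path.append(hop)
        # The packet comes back from the firewall with its source IP
        # unchanged, but now on the firewall-facing port.
        ingress = FIREWALL_PORT
    path.append("loop")
    return path


if __name__ == "__main__":
    print("source ip only:        ", trace("10.3.7.9"))
    print("with source port group:", trace("10.3.7.9", {HOST_PORT}))
```

Matching on source IP alone redirects the returning packet to the firewall on every pass, while restricting the condition to the host-facing port group lets the second pass fall through to normal routing.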
