Example: Configuring Policy-Based Routing (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

Example: Configuring Policy-Based Routing (NSM Procedure)

352
To configure policy-based routing for a security device:
In the NSM navigation tree, select Device Manager > Devices.
1.
Select a security device and then double-click the device on which you want to define
2.
forced timeout. The device configuration appears.
In the device navigation tree, select Network > Virtual Router.
3.
Click New to view the configuration page.
4.
In the virtual router navigation tree, select access list and configure the options for
5.
access list 10:
Extended ACL ID: 10
Sequence Number: 1
Source IP Address/Netmask: 172.18.1.10/32
Destination Port: 80-80
Protocol: TCP
Click OK to return to the access lists.
Click New to configure a second entry for access list 10 and configure the following
6.
options:
Extended ACL ID: 10
Sequence Number: 2
Source IP Address/Netmask: 172.18.2.10/32
Destination Port: 443-443
Protocol: TCP
In the virtual router navigation tree, select Policy-based, and click New in the Match
7.
Group tab to configure the match group:
Match Group Name: left_router
Sequence Number: 1
Extended ACL: Select 10 from the drop down list.
In the virtual router navigation tree, select Policy-based, and click New in the Action
8.
Group tab to view the configuration page.
In the virtual router navigation tree, select Policy-based, and click New in the Policy
9.
tab to view the configuration page. Each PBR policy needs to have a unique name.
Use the policy binding tabs in the configuration page to bind policies.
10.
Copyright © 2010, Juniper Networks, Inc.