Policy Applications Configuring QoS
page 25-80 OmniSwitch AOS Release 7 Network Configuration Guide June 2013
Policy Based Routing can be used to redirect untrusted traffic to a firewall. In this case, note that reply
packets are not allowed back through the firewall.
In this example, all traffic originating in the 10.3 network is routed through the firewall, regardless of
whether or not a route exists.
-> policy condition Traffic3 source ip 10.3.0.0 mask 255.255.0.0
-> policy action Firewall permanent gateway ip 173.5.1.254
-> policy rule Redirect_All condition Traffic3 action Firewall
Note that the functionality of the firewall is important. In the example, the firewall is sending the traffic to
be routed remotely. If you instead set up a firewall to send the traffic back to the switch to be routed, you
must set up the policy condition with a built-in source port group so that traffic coming back from the fire-
wall does not get looped and sent back out to the firewall.
For example:
OmniSwitch
Routing all IP source traffic through a firewall
10.3.0.0
173.5.1.0
173.10.2.0
174.26.1.0
Firewall
173.5.1.254
OmniSwitch
Using a Built-In Port Group
10.3.0.0
173.5.1.0
173.10.2.0
174.26.1.0
Firewall
173.5.1.254
To Next Page
Loading...
Need help?
General