Policy Based Routing
Policy-based routing (PBR) is a network routing technique that allows traffic to be directed based on defined policies rather than just the destination IP address. Routing policies can be based on criteria such as source IP address, application type, user group or protocol. PBR provides more granular control over routing decisions, enabling administrators to optimize network traffic, enforce security policies, or manage bandwidth more effectively.
PBR Policy Overview
To create a Routing Policy, navigate to:
- Go to Routing > Routing Policies and click “Add Policy”
- Configure the criteria for your Routing Policy:
- Name: The name of the policy
- Network Source: Specify the source IP or IP range(s) to be routed by the policy (optional)
- Group: Specify a user group to be routed (optional)
- Network Destination: Specify the destination target IP(s) and port(s)
- Application: Specify the applications that require policy-based routing
- Configure a Schedule: Scheduling can be used to specify the time/date the routing policy will be active (optional)
- Configure the action for the Policy:
- Mandatory: If the policy action is Mandatory, matching traffic will only ever use the selected network connection. If that connection is down, matching traffic is null routed (dropped) rather than sent over another link, so an outage of the selected connection is an outage for this traffic
- Available: If the policy action is Available, matching traffic will use the selected network connection while it is up. If the selected connection fails, matching traffic is automatically routed via the configured failover connections
- Network Connection: Specify the Network Connection to route the traffic
- Click “Save”
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”
Important
- When using multiple routing policies, routing will always follow the first exact match in the policy stack, so the order of policies matters
- Policy-based routing source criteria (Network Source and Group) use "AND" logic: every configured source criterion must match. Policy services, including Applications and Network Destinations, use "OR" logic: matching any one of them is enough. This distinction is important when setting up policy-based routing rules. Several policy-based routing examples are given below
- Only applications with first packet classification are available for Policy Based Routing, because the routing decision has to be made on the first packet of the flow
PBR by Source Network
A Source Network Policy-based Route (PBR) is a network routing method that directs traffic based on the source address of the packet, instead of solely relying on the destination address. This approach provides granular control over routing decisions, allowing for different paths to be assigned to traffic originating from specific networks or devices. Policy-based routing can be utilised to enforce security measures, improve bandwidth efficiency, or direct traffic through designated gateways or network segments according to its source. To create a Source Policy-based Route navigate to:
- Routing > Routing Policies and click “Add Policy”
- Configure the "Network Source" criteria for your Routing Policy. This may include an IP address, IP range, network subnet, network connection, or zone. When using a network connection or network zone, all IPs within these networks will be routed.
- In "Action", configure the network connection that traffic from the configured source network should be routed over, and choose the Mandatory or Available policy action.
- Click “Save”
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”
Screenshots: Network Source Criteria; Routing Policy Action; Routing Policy Stack
Example Source Network Policy-based Route
In the following example, packets from network source IP 10.10.12.50 will be routed through the "WAN 1 Internet 1000Mbps" network connection.
- The policy has a network source IP address of 10.10.12.50
- The network connection set in "Action" is WAN 1 Internet 1000Mbps
- No Group, Application or Network Destination criteria are configured, so all traffic from this source matches; policy-based routing network source criteria use "AND" logic to match conditions
Based on the above source-based route, traffic from 10.10.12.50 will be routed to "WAN 1 Internet 1000Mbps"; WAN 2 and WAN 3 are only used for this traffic if the policy action is Available and WAN 1 is down.
```mermaid
flowchart LR
A[Client Device 10.10.12.50] --> B[Switch];
B --> C{CyberEdge};
C -->|policy match| D[WAN 1 Internet 1000Mbps];
C --> E[WAN 2];
C --> F[WAN 3];
```
PBR by User Group
A User Group Policy-Based Route (PBR) is a network routing strategy that directs traffic based on a user's group membership rather than just their source IP address. By leveraging group-based PBR, network administrators can create routing rules tailored to the specific needs of the network, ensuring appropriate traffic flow. This method enhances security, optimizes network performance, and can be particularly beneficial in networks with minimal or no segmentation, where source IP addresses alone do not identify a class of users. To create a User Group Policy-based Route navigate to:
- Routing > Routing Policies and click “Add Policy”
- In the "Groups" criteria, specify one or more user groups to be routed.
- In "Action", configure the network connection that traffic from the selected group(s) should be routed over, and choose the Mandatory or Available policy action.
- Click “Save”
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”
Screenshots: Group Source Criteria (the user group "Junior Students" will be routed); Routing Policy Action; Routing Policy Stack
Policy-based Route by Group
In the following example, packets from devices of users in the "Junior Students Group" will be routed through the "WAN 1 Internet 1000Mbps" network connection.
- The policy has a Group of "Junior Students Group"
- The network connection set in "Action" is WAN 1 Internet 1000Mbps
- Policy-based routing source criteria use "AND" logic to match conditions; because no Network Source is configured here, group membership alone decides the match
```mermaid
flowchart LR
A[Client Junior Students] --> B[Switch];
B --> C{CyberEdge};
C -->|policy match| D[WAN 1 Internet 1000Mbps];
C --> E[WAN 2];
C --> F[WAN 3];
```
PBR by Application
Application Policy-Based Routing (APBR) offers several benefits for network management. By allowing routing decisions to be based on specific applications rather than just IP addresses or user groups, APBR ensures that critical applications receive priority and optimal network paths, enhancing overall performance and reliability. This approach also improves security by allowing the isolation of sensitive or high-priority applications from general network traffic. Additionally, APBR supports more efficient bandwidth usage by tailoring routing policies to the needs of each application, reducing congestion and improving the network experience. To create an Application Policy-based Route navigate to:
- Routing > Routing Policies and click “Add Policy”
- Configure the "Application" criteria for your Routing Policy by selecting the Applications to be routed
- In the "Action" section, configure the network connection to route the traffic over. Consider the impact on this traffic if the selected WAN fails: for high-priority or business-critical application traffic, set the policy action to "Available" so that traffic matching the policy automatically fails over to the configured failover connections and service continues during an outage; reserve "Mandatory" for traffic you are willing to have null routed while the selected connection is down (see Balance and Failover for more information)
- Click “Save”
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”
Screenshots: Applications to be routed; Routing Policy Action; Routing Policy Stack
Policy-based Application routing often involves combining multiple criteria to establish specific routing paths. Below are some examples of routing policies that combine applications with other criteria, along with their intended purposes.
Policy-based Route with multiple criteria
In the following example, the Zoom application will be routed through the "WAN 1 Internet 1000Mbps" connection only for users in the "example group" whose device has an IP address within the 10.10.0.0/24 range. Both source criteria must match ("AND" logic); Zoom traffic from a member of the group outside 10.10.0.0/24, or from a host in 10.10.0.0/24 that is not in the group, does not match this policy.
- The policy has a network source of 10.10.0.0/24 and an AD group selection of "example group"
- The policy has an application criteria for the "Zoom" application
- The policy is configured to route traffic over "WAN 1 Internet 1000Mbps" and has an "Available" policy action, so Zoom traffic fails over to the configured failover connections if WAN 1 is down
Policy-based Route by Application
In the following example, the routing policy is set up to ensure that software application updates, such as those from Apple or Microsoft, are routed exclusively over "WAN 1 Internet 1000Mbps". If "WAN 1 Internet 1000Mbps" experiences a network failure, these application updates are null routed by the Mandatory action and do not switch to the configured failover link. This approach is particularly useful for preventing less critical traffic, such as updates, from consuming the bandwidth of the remaining links during an outage.
- The policy has no source configuration, so it applies to updates from every host and group
- The policy has an Application Tag criteria selected for "Software Updates"
- The policy is configured to route traffic over "WAN 1 Internet 1000Mbps" and has a "Mandatory" policy action
Because routing follows the first exact match, place a policy like this below any more specific policies that should still fail over; a higher policy that also matches the same traffic with an "Available" action will win.
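The matching and action rules stated in the Important section above (first match wins, "AND" across source criteria, "OR" across services, Mandatory versus Available on link failure) are easy to get wrong when a policy stack grows. The following Python model is an added example written for this page; it is not CyberEdge code and makes no claim about how the product is implemented internally. It encodes the three example policies from this page (the 10.10.12.50 source route, the Zoom policy for "example group" in 10.10.0.0/24, and the Mandatory "Software Updates" policy) and runs constructed packets through them with all links up and with WAN 1 down. The packet fields `group`, `app` and `app_tags` are assumed to have already been resolved by the identity and first-packet-classification stages, and a packet matching no policy is assumed to follow normal destination routing, shown here as "default-route".

```python
"""Added example (not CyberEdge's code): a model of the policy-matching and action
rules described on this page, run over constructed packets.

Rules modelled:
  * policies are evaluated top-down and the first matching policy wins
  * source criteria (Network Source, Group) use AND logic
  * service criteria (Application, Application Tag, Network Destination) use OR logic
  * an empty criterion is optional and matches anything
  * Mandatory: only the selected connection; null route when it is down
  * Available: the selected connection, else the configured failover connections
Assumption: a packet matching no policy follows normal destination routing ("default-route").
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple

NULL_ROUTE = "null-route"
WAN1 = "WAN 1 Internet 1000Mbps"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    group: Optional[str] = None                  # resolved user group (assumed input)
    app: Optional[str] = None                    # first-packet classification result (assumed)
    app_tags: FrozenSet[str] = frozenset()       # application tags such as "Software Updates"


@dataclass
class Policy:
    name: str
    connection: str
    action: str                                  # "Mandatory" or "Available"
    source_networks: List[str] = field(default_factory=list)
    groups: List[str] = field(default_factory=list)
    applications: List[str] = field(default_factory=list)
    application_tags: List[str] = field(default_factory=list)
    destinations: List[Tuple[str, Optional[int]]] = field(default_factory=list)  # (network, port or None)

    def source_matches(self, pkt: Packet) -> bool:
        """AND logic: every configured source criterion must hold."""
        if self.source_networks and not any(
            ip_address(pkt.src) in ip_network(n, strict=False) for n in self.source_networks
        ):
            return False
        if self.groups and pkt.group not in self.groups:
            return False
        return True

    def service_matches(self, pkt: Packet) -> bool:
        """OR logic: any configured service criterion suffices; none configured matches all."""
        if not (self.applications or self.application_tags or self.destinations):
            return True
        if pkt.app in self.applications:
            return True
        if pkt.app_tags & set(self.application_tags):
            return True
        return any(
            ip_address(pkt.dst) in ip_network(net, strict=False) and port in (None, pkt.dport)
            for net, port in self.destinations
        )

    def matches(self, pkt: Packet) -> bool:
        return self.source_matches(pkt) and self.service_matches(pkt)


def route(policies: List[Policy], pkt: Packet, link_up: Dict[str, bool],
          failover: List[str], default: str = "default-route") -> str:
    """Return the connection the packet is sent over; the first matching policy wins."""
    for pol in policies:
        if not pol.matches(pkt):
            continue
        if link_up.get(pol.connection, False):
            return pol.connection
        if pol.action == "Mandatory":
            return NULL_ROUTE                    # Mandatory never spills onto another link
        for alt in failover:                     # Available: try failover links in order
            if alt != pol.connection and link_up.get(alt, False):
                return alt
        return NULL_ROUTE                        # every link is down
    return default


# Routing policy stack, top-down, built from the examples on this page.
POLICIES = [
    Policy("Host 10.10.12.50", WAN1, "Available", source_networks=["10.10.12.50/32"]),
    Policy("Zoom for example group", WAN1, "Available",
           source_networks=["10.10.0.0/24"], groups=["example group"], applications=["Zoom"]),
    Policy("Software Updates", WAN1, "Mandatory", application_tags=["Software Updates"]),
]
FAILOVER = ["WAN 2", "WAN 3"]
ALL_UP = {WAN1: True, "WAN 2": True, "WAN 3": True}
WAN1_DOWN = {WAN1: False, "WAN 2": True, "WAN 3": True}

# Constructed packets; destinations use RFC 5737 documentation addresses.
ZOOM_IN_GROUP = Packet("10.10.0.25", "203.0.113.10", 443, group="example group", app="Zoom")
ZOOM_NO_GROUP = Packet("10.10.0.25", "203.0.113.10", 443, group="staff", app="Zoom")
UPDATE_ANYWHERE = Packet("10.10.40.7", "203.0.113.20", 443, app="Apple Software Update",
                         app_tags=frozenset({"Software Updates"}))
UPDATE_FROM_HOST = Packet("10.10.12.50", "203.0.113.20", 443, app="Apple Software Update",
                          app_tags=frozenset({"Software Updates"}))

if __name__ == "__main__":
    for label, pkt in [("Zoom, in group", ZOOM_IN_GROUP), ("Zoom, wrong group", ZOOM_NO_GROUP),
                       ("updates, any host", UPDATE_ANYWHERE), ("updates, 10.10.12.50", UPDATE_FROM_HOST)]:
        print(f"{label:22} all up: {route(POLICIES, pkt, ALL_UP, FAILOVER):26} "
              f"WAN 1 down: {route(POLICIES, pkt, WAN1_DOWN, FAILOVER)}")
```

Two results are worth checking against your own stack. Zoom from a host in 10.10.0.0/24 whose user is not in "example group" matches nothing and takes the default route, which is the "AND" rule at work. Software updates from 10.10.12.50 with WAN 1 down go to WAN 2, not to the null route, because the source policy for that host sits higher in the stack and is the first exact match; the Mandatory "Software Updates" policy only governs hosts that no earlier policy claims.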