Sophos XG Firewall Web Interface Reference and Admin Guide v16.5

Specify the source IPv4 address.

Source Interface

Select the source interface from the drop-down list.

Multicast IPv4 Address

Specify the multicast IPv4 address. For example, (224.0.2.0 - 239.255.255.255)

Destination Interface

Select destination interface(s) from the available options. You can select more than one destination interface.

| Configure | 364

Figure 357: Add Multicast Route

3. Click Save.

Policy Routing

Routers generally forward packets to the destination addresses based on the information available in their routing tables. With Policy Routing, you can make routing decisions based on the policies configured by the administrator.

You can selectively forward the packets based on different criteria such as source network, destination network, services and so on. If the packet matches the criteria defined in the policy routing then the packet will be forwarded to the gateway configured in the policy.

Firewall Rule can still override policy route decision, if primary and/or backup gateway is configured.

Benefits of Policy Routing include:

• Packets originating from different source networks and having same destination can be routed to different networks.

• You can distribute traffic requiring high bandwidth to use different Internet connection.

• You can implement policies to achieve failover/failback. For example: If you have two links MPLS and VPN link and if MPLS link fails then you can route your traffic that matches the policy to VPN link. When the MPLS link comes up, then traffic can be failed back to MPLS link.

Note: When device firmware is upgraded to SF-OS v16, source routes will be migrated as policy routes.

Manage Policy Route

This page displays a list of all the configured IPv4 and IPv6 policy routes.

You can also reorder the policy routes. To change the processing order, you can reorder policy routes by drag and drop action. Policy routes are evaluated top down in the order they appear on the Manage page until first match is made, after which subsequent policy routes are not evaluated.

The page also displays the status Up or Down for the gateways configured in the policy route.

Add Policy Route

1. Go to Configure > Routing > Policy Routing and click Add under IPv4/IPv6 Policy Route section.

2. Specify the Policy Route details.

Name

Specify a name for policy route.

Description

Specify a description for policy route.

| Configure | 365

Figure 358: About this Policy Route

3. Specify the Traffic Selector details.

Incoming Interface

Select the incoming interface receiving the packet.

Note: Deleting the incoming interface will also delete the policy route defined for the interface.

Source Networks

Select the source network(s) of the packet to be routed. A new network host can be created directly from this page itself or from System > Hosts and Services.

Destination Networks

Select the destination network(s) of the packet to be routed. A new network host can be created directly from this page itself or from System > Hosts and Services.

Services

Select the services(s) of the packet to be routed. These services allow you to specify precisely which kind of traffic should be processed. A new service/service group can be created directly from this page itself or from System > Hosts and Services.

DSCP Marking

Select the type of DSCP Marking to match the packets marked with the given DSCP value.

For available options, refer to

DSCP Values

.