PBR (or PBF, as Palo calls it) is a really great feature. Policy Based Forwarding (in the network world, we call it policy based routing) lets you control where packets go without using the routing table. You set a destination based on parameters that you define (like source, protocol, etc.), and the PBF policy catches the traffic BEFORE it hits the routing table. Here is how you test it in the CLI to verify it works the way you want it to.
PA850-1(active)> test pbf-policy-match from L3-Inside application web-browsing source 192.168.1.5 destination 5.5.5.5 protocol 6 destination-port 443

"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        source 192.168.1.5;
        destination any;
        user any;
        application/service any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        next-hop 68.68.68.68;
        terminal no;
}
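An added example, not part of the original post: a short Python check that parses the output of the test command above and compares the matched rule with the forwarding you intended, so the same test can be repeated after every policy change. The function names, and treating output without a complete rule block as "no match", are assumptions of this example.

```python
import re

# Output copied from the test command shown above.
SAMPLE = '''"Exchange; index: 8" {
id 9;
from L3-Inside;
source 192.168.1.5;
destination any;
user any;
application/service any/any/any/any;
action Forward;
symmetric-return no;
forwarding-egress-IF/VSYS ethernet1/3;
next-hop 68.68.68.68;
terminal no;
}'''

HEADER = re.compile(r'^"(?P<name>.+); index: (?P<index>\d+)" \{$')
FIELD = re.compile(r'^(?P<key>\S+)\s+(?P<value>.*?);$')


def parse_pbf_match(text):
    """Return the matched rule as a dict, or None when no rule block is present."""
    rule = None
    for raw in text.splitlines():
        line = raw.strip()
        if rule is None:
            m = HEADER.match(line)
            if m:
                rule = {"name": m["name"], "index": int(m["index"])}
        elif line == "}":
            return rule
        else:
            m = FIELD.match(line)
            if m:
                rule[m["key"]] = m["value"]
    return None  # no block, or block never closed (truncated capture)


def check_pbf(text, expected):
    """Return a list of mismatches between the matched rule and expected fields."""
    rule = parse_pbf_match(text)
    if rule is None:
        return ["no PBF rule matched; traffic would follow the routing table"]
    return [f"{k}: expected {v!r}, got {rule.get(k)!r}"
            for k, v in expected.items() if rule.get(k) != v]
```

An empty list from `check_pbf` means the rule that matched forwards the way you expected; any entry names the field that differs, which is how a broader rule shadowing the intended one shows up.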
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Monday, February 11, 2019
Sunday, February 10, 2019
Sunday Thought:
No real thought in particular here. I just pray that God will bless your life and that you will know the grace and love of our Lord and Savior Jesus (Yeshua) Christ, the Messiah that was written about in the Old Testament.