PBR (or PBF, as Palo calls it) is a really great feature. Policy Based Forwarding (in the network world, we call it policy based routing) is a feature where you can control where packets go without using the routing table. You set a destination based on certain parameters that you define (like source, protocol, etc.), and the PBF policy catches the packet BEFORE it hits the routing table. Here is how you test it in the CLI to verify it works the way you want it to.
PA850-1(active)> test pbf-policy-match from L3-Inside application web-browsing source 192.168.1.5 destination 5.5.5.5 protocol 6 destination-port 443
"Exchange; index: 8" {
id 9;
from L3-Inside;
source 192.168.1.5;
destination any;
user any;
application/service any/any/any/any;
action Forward;
symmetric-return no;
forwarding-egress-IF/VSYS ethernet1/3;
next-hop 68.68.68.68;
terminal no;
}
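If you want to turn this test into a repeatable check after a policy change, here is an added example (not part of the original post and not Palo Alto code) that parses the output block above and compares the matched rule against the forwarding you expect. The function names are hypothetical, the sample is copied from the output shown above, and treating output with no rule block as "no match" is an assumption.

```python
import re

# Sample input: the rule block shown in the post, embedded so this runs offline.
SAMPLE = '''"Exchange; index: 8" {
id 9;
from L3-Inside;
source 192.168.1.5;
destination any;
user any;
application/service any/any/any/any;
action Forward;
symmetric-return no;
forwarding-egress-IF/VSYS ethernet1/3;
next-hop 68.68.68.68;
terminal no;
}'''

RULE_BLOCK = re.compile(
    r'"(?P<name>[^";]+); index: (?P<index>\d+)"\s*\{(?P<body>.*?)\}', re.S)

def parse_pbf_match(text):
    """Parse the matched rule block into a dict; None if no block is present."""
    m = RULE_BLOCK.search(text)
    if not m:
        return None
    rule = {"name": m.group("name"), "index": int(m.group("index"))}
    # Each field is "key value;" and the key never contains a space.
    for field in m.group("body").split(";"):
        field = field.strip()
        if field:
            key, _, value = field.partition(" ")
            rule[key] = value.strip()
    return rule

def check_pbf_match(text, expected):
    """Return a list of mismatches between the matched rule and expected fields."""
    rule = parse_pbf_match(text)
    if rule is None:
        # Assumption: no rule block means no PBF rule matched this flow.
        return ["no PBF rule matched; traffic follows the routing table"]
    return [f"{key}: expected {want!r}, got {rule.get(key)!r}"
            for key, want in expected.items() if rule.get(key) != want]

if __name__ == "__main__":
    want = {"action": "Forward", "forwarding-egress-IF/VSYS": "ethernet1/3",
            "next-hop": "68.68.68.68"}
    print(check_pbf_match(SAMPLE, want) or "PBF match is as expected")
```

An empty list means the flow hit a rule with the egress interface and next hop you intended; anything else is worth a look before the change goes live.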