policy based routing summarize


Hi,
i have a question about policy based Routing!

I wirte the Poliy like this:

entry REDIRECT80 {
if {
source-address 192.168.81.0/24;
destination-address 192.168.100.0/24;
} then {
redirect 10.10.50.1;
}
}
entry REDIRECT220 {
if {
source-address 192.168.81.0/24;
destination-address 192.168.101.0/24
} then {
redirect 10.10.50.1;
}
}

is there a poibility to write this like that?

entry REDIRECT {
if match any {
source-address 192.168.81.0/24;
destination-address 192.168.100.0/24;
destination-address 192.168.101.0/24
} then {
redirect 10.10.50.1;
}
}

Cheers Alex

2 replies

hi.
i think that it was wrong summarize.

because " if match any" is "or" option.

summarize policy match condition is

source-address 192.168.81.0/24; or destination-address 192.168.100.0/24; or destination-address 192.168.101.0/24

it does not mean "src 192.168.81.0/24 and dst 192.168.100.0/24 "

////////////////////// this policy mean //////////////
entry REDIRECT {
if match any {
source-address 192.168.81.0/24;
destination-address 192.168.100.0/24;
destination-address 192.168.101.0/24
} then {
redirect 10.10.50.1;
}
}

>>>>>>>> If one of the three match condition is true, it will be redirected.
Userlevel 7
Before considering if you could do some logical AND and OR in the match condition, please note that your last entry is not the equivalent of the first two. The first two match a flow with specific source and destination, while the last would match (in your theory) a single condition.

But I don't think this is allowed, anyway, your policy would be rejected.

Reply