https://community.extremenetworks.com/t5/extremeswitching-exos-switch/help-writing-a-flow-redirect-acl/m-p/47196#M12094 What I am attempting to do is to push any outbound port 80 traffic (https too but not in this example) to the internet with a flow redirect command but skip if the traffic is local. So here's what I have so far: the ** are comments for the sake of this post. Does this make sense?<BR /> <BR /> ACL<BR /> <BR /> entry Allhttp {<BR /> if { <BR /> protocol tcp; <BR /> source-address 10.234.0.0/16;<BR /> destination-address 10.234.0.0/16; <BR /> source-port 80;<BR /> }<BR /> then { <BR /> Deny; ** in essence skip<BR /> }<BR /> <BR /> ** so if not the above do this. <BR /> <BR /> if { <BR /> protocol tcp; <BR /> source-address 10.234.0.0/16;<BR /> source-port 80;<BR /> }<BR /> then {<BR /> <BR /> redirect-name ToBluecoat; <BR /> count WebHTTP;<BR /> }<BR /> }<BR /> <BR /> Tue, 15 Aug 2017 02:09:00 GMT Dave_Bogdan 2017-08-15T02:09:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/help-writing-a-flow-redirect-acl/m-p/47196#M12094 What I am attempting to do is to push any outbound port 80 traffic (https too but not in this example) to the internet with a flow redirect command but skip if the traffic is local. So here's what I have so far: the ** are comments for the sake of this post. Does this make sense?<BR /> <BR /> ACL<BR /> <BR /> entry Allhttp {<BR /> if { <BR /> protocol tcp; <BR /> source-address 10.234.0.0/16;<BR /> destination-address 10.234.0.0/16; <BR /> source-port 80;<BR /> }<BR /> then { <BR /> Deny; ** in essence skip<BR /> }<BR /> <BR /> ** so if not the above do this. <BR /> <BR /> if { <BR /> protocol tcp; <BR /> source-address 10.234.0.0/16;<BR /> source-port 80;<BR /> }<BR /> then {<BR /> <BR /> redirect-name ToBluecoat; <BR /> count WebHTTP;<BR /> }<BR /> }<BR /> <BR /> Tue, 15 Aug 2017 02:09:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/help-writing-a-flow-redirect-acl/m-p/47196#M12094 Dave_Bogdan 2017-08-15T02:09:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/help-writing-a-flow-redirect-acl/m-p/47197#M12095 Hi Dave,<BR /> <BR /> The rules which you have mentioned needs to be modified a bit. <BR /> <BR /> Instead of "deny" using the "permit" action modifier will apply the normal forwarding logic.<BR /> <BR /> All the below rules must be in same policy file.<BR /> <BR /> <B><U>Here is a sample.</U></B><BR /> entry HTTP_PACKETS_TO_10.234.0.0 {<BR /> If match all {<BR /> Protocol TCP;<BR /> destination-port 80;<BR /> source-address 10.234.0.0/16;<BR /> destination-address 10.234.0.0/16;<BR /> } then {<BR /> permit;<BR /> }<BR /> }<BR /> <BR /> # same subnet but matching https traffic<BR /> entry HTTPS_PACKETS_TO_10.234.0.0 {<BR /> If match all {<BR /> Protocol TCP;<BR /> destination-port 443;<BR /> source-address 10.234.0.0/16;<BR /> destination-address 10.234.0.0/16;<BR /> } then {<BR /> permit;<BR /> }<BR /> }<BR /> <BR /> entry HTTP_to_other_than_10.234.0.0/16 {<BR /> if match all {<BR /> protocol TCP ;<BR /> destination-port 80 ;<BR /> source-address 10.234.0.0/16 ;<BR /> }<BR /> then {<BR /> redirect-name ToBluecoat; <BR /> count WebHTTP;<BR /> }<BR /> }<BR /> <BR /> entry HTTPS_to_other_than_10.234.0.0/16 {<BR /> if match all {<BR /> protocol TCP ;<BR /> destination-port 443 ;<BR /> source-address 10.234.0.0/16 ;<BR /> }<BR /> then {<BR /> redirect-name ToBluecoat; <BR /> count WebHTTPS;<BR /> }<BR /> }<BR /> <BR /> Here is an article on how to configure flow redirect.<BR /> <A href="https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-flow-redirect" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-flow-redirect</A><BR /> <BR /> I hope this is helps!<BR /> Tue, 15 Aug 2017 11:04:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/help-writing-a-flow-redirect-acl/m-p/47197#M12095 Karthik_Mohando 2017-08-15T11:04:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/help-writing-a-flow-redirect-acl/m-p/47198#M12096 Perfect!! Thank you. I'll test it later this week. Wed, 16 Aug 2017 05:07:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/help-writing-a-flow-redirect-acl/m-p/47198#M12096 Dave_Bogdan 2017-08-16T05:07:00Z