Zero Trust Device Segmentation

Configuring Policy-Based Routing

In addition to the destination-based routing that a core switch, router, or firewall performs, the Zero Trust Device Segmentation gateway can make policy-based routing decisions based on specific match criteria such as source addresses and transport-layer (TCP/UDP) ports.

To configure policy-based routing:

  1. Go to Deployment > Sites.
  2. In the Site Name column, click the name of the site to which you want to add policy-based routing.

  3. On the site details page, click the Routing Policy tab and then click Configure.

  4. Click Add route to add a routing policy.

  5. In the Add Routing Rule panel:

    • Rule Name: Enter a name for this routing rule.
    • Sources: Select the sources to which this policy applies. Select the Negate checkbox if you want the policy to apply to all sources except the ones selected.
    • Destinations: Select the destinations to which this policy applies. Select the Negate checkbox if you want the policy to apply to all destinations except the ones selected.
    • Ports: Select the ports to which this policy applies. Select the Negate checkbox if you want the policy to apply to all ports except the ones selected.
    • Primary Nexthop IP: Enter the IP address of the primary router or gateway to which traffic should be routed.
    • Secondary Nexthop IP: Enter the IP address of the secondary router or gateway to which traffic should be routed.
    • Load balancing: Enable if you want to balance traffic between the primary and secondary nexthops.

  6. Click Save.
  7. Test the connectivity to verify that the routing policy is in effect.