4.10. Application-based Routing

cOS Core provides the ability to route different types of applications using different routing tables. This feature combines the application control and routing aspects of cOS Core. A discussion of just the application control feature can be found in Section 3.7, Application Control.

However, note that the application types that can determine routing table selection are a limited subset of all the application types in the application control subsystem. This subset appears as a drop-down menu in the Web Interface during IP policy setup. The reason for the subset is that application-based routing requires routing table selection to be based only on a connection's first packet, and this is only possible with some applications.

The steps to set this up in the Web Interface are as follows:

  1. If it does not already exist, create a new Routing Table that will be used for routing a specific application. If all lookups in this table are to be kept only to this table, specify the value Only for the table's Ordering property.

  2. Populate the new table with the appropriate Route entries. The table might contain only a single entry that routes all-nets traffic on a particular interface, and that entry would include the gateway address if the interface connects to an ISP.

  3. Create an IP Policy rule set entry with an action of Allow that triggers on the traffic that is to be routed. Make sure that the policy is placed above any rule set entries that will trigger on similar non-application-specific traffic.

  4. Enable the property Application Filter in the IP Policy and specify the target application to filter the first packet on from the drop-down list.

    Note that this property is not normally used when configuring the more general Application Control feature (described in Section 3.7, Application Control). Also note that the property could be enabled without enabling application-based routing, in which case it just acts like any other IP policy filtering parameter.

  5. Enable the property Application-based Routing in the IP Policy and select the routing table to use from the drop-down list.

The configuration changes can now be saved and deployed. The CLI setup differs only slightly, as illustrated in the example below.

Example 4.23. Setting Up Application-based Routing

This example shows how to direct Windows update traffic for protected clients on lan_net through an alternate ISP connection to the Internet. Such traffic will be NATed through the cOS Core interface called wan2.

Command-Line Interface

A. Create a new Routing Table:

Device:/> add RoutingTable rt_isp2 Ordering=Only

B. Add an all-nets Route:

Device:/> cc RoutingTable rt_isp2
Device:/rt_isp2> add Route
			Interface=wan2
			Network=all-nets
			Gateway=isp2_gw_ip

C. Create an IP Policy that references the Routing Table:

Device:/> add IPPolicy Name=windows_update_traffic
			SourceInterface=lan
			SourceNetwork=lan_net
			DestinationInterface=wan2
			DestinationNetwork=all-nets
			Service=all_services
			Action=Allow
			SourceAddressTranslation=NAT
			NATSourceAddressAction=OutgoingInterfaceIP
			AppFilter=Yes
			AppFilterList=windows_update
			AppRouting=Yes
			AppRoutingTable=rt_isp2

InControl

Follow similar steps to those used for the Web Interface below.

Web Interface

A. Create a new Routing Table:

  1. Go to: Network > Routing > Routing Tables > Add > RoutingTable
  2. Now enter:
    • Name: rt_isp2
    • Ordering: Only
  3. Click OK

B. Add an all-nets Route:

  1. Go to: Network > Routing > Routing Tables > rt_isp2 > Add > Route
  2. Now enter:
    • Interface: wan2
    • Network: all-nets
    • Gateway: isp2_gw_ip
  3. Click OK

C. Create an IP Policy that references the Routing Table:

  1. Go to: Policies > Firewalling > Main IP Rules > Add > IP Policy
  2. Now enter:
    • Name: windows_update_traffic
    • Action: Allow
  3. Under Filter enter:
    • Source Interface: lan
    • Source Network: lan_net
    • Destination Interface: wan2
    • Destination Network: all-nets
    • Service: all_services
    • Application Filter: Enable and select windows_update
    • Application-based Routing: Enable and select rt_isp2
  4. Under Source Translation enter:
    • Address Translation: NAT
    • Address Action: Outgoing Interface IP
  5. Click OK
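
The placement requirement in step 3 of the procedure (the application policy must sit above entries that trigger on similar non-application-specific traffic) can be checked mechanically before deployment. The Python script below is an added example, not part of cOS Core or its documentation: it audits a constructed, dictionary-based model of an ordered rule set (not a cOS Core export format), and the lan_to_wan2 policy and the "any" interface wildcard are assumptions made for illustration.

```python
# Constructed model of an ordered IP rule set; NOT a cOS Core export format.
# Wildcard value per filter field ("any" for interfaces is an assumption).
WILDCARDS = {"src_if": "any", "dst_if": "any", "src_net": "all-nets",
             "dst_net": "all-nets", "service": "all_services"}

def covers(general, specific):
    """True if every filter field of `general` equals, or is a wildcard for,
    the same field of `specific`. Partial overlaps are not detected."""
    return all(general[f] in (specific[f], wild) for f, wild in WILDCARDS.items())

def audit(rules, routing_tables):
    """Walk the rule set top-down (first match wins) and report problems
    with policies that use application-based routing."""
    findings = []
    for idx, rule in enumerate(rules):
        table = rule.get("app_routing_table")
        if not table:
            continue  # not an application-based routing policy
        if table not in routing_tables:
            findings.append(f"{rule['name']}: routing table {table} not defined")
        for earlier in rules[:idx]:
            # An earlier policy without an application filter that matches
            # the same traffic triggers first, so this policy never applies.
            if not earlier.get("app_filter") and covers(earlier, rule):
                findings.append(f"{rule['name']}: shadowed by earlier "
                                f"non-application policy {earlier['name']}")
    return findings

# The policy from Example 4.23, expressed in the constructed model.
APP_RULE = {"name": "windows_update_traffic", "src_if": "lan",
            "src_net": "lan_net", "dst_if": "wan2", "dst_net": "all-nets",
            "service": "all_services", "app_filter": "windows_update",
            "app_routing_table": "rt_isp2"}
# Hypothetical general policy matching the same traffic with no application filter.
GENERAL_RULE = {"name": "lan_to_wan2", "src_if": "lan", "src_net": "lan_net",
                "dst_if": "wan2", "dst_net": "all-nets",
                "service": "all_services", "app_filter": None,
                "app_routing_table": None}

if __name__ == "__main__":
    for order in ([GENERAL_RULE, APP_RULE], [APP_RULE, GENERAL_RULE]):
        names = [r["name"] for r in order]
        print(names, "->", audit(order, {"rt_isp2"}) or "OK")
```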