ronnie_jorgensen
New Member
October 4, 2018
Solved

Help on policy based routing vs static routes

  • October 4, 2018
  • 2 replies
  • 18589 views

Hi all,

 

I just want to ask if policy-based routing replaces static routes? We have 12 or so remote sites on IPsec site-to-site VPNs, and we have recently set it up so that ALL traffic goes up via the VPN to our data centre and out through our main firewall. But we also want to make it so that all remote sites can get to all the other 11 remote VPN sites.

 

Now, for ALL traffic to go out via the VPN up to our main firewall, we used policy-based routes that are configured as the attached picture shows. But I am sure I had a firewall about a month ago where I could not get to another remote VPN site and had to add a static route in as well. Can someone please confirm/deny this behaviour? I do not really want to add all our 26 networks into each remote VPN site as static routes if I don't have to.

 

Thank you in advance

 

 

 

    Best answer by Toshi_Esumi

    My statement was based on what I've learned from the sentence in 5.6.2 NSE4 infrastructure study-guide below. Folks from FTNT, please tell me if not appropriate to share sentences in this forum directly from the NSE material. Then, I'll never do it again.

     

    "Remember, for a policy route to forward traffic out a specific interface, there should be an active route for that destination using that interface in the routing table. Otherwise the policy route will not work."

     

    2 replies

    Toshi_Esumi
    SuperUser
    October 4, 2018

    You have to have proper routes in the routing table. PBR just chooses one of them if multiple routes are available for a particular type (source, destination, service, and so on) of traffic you specify. PBRs never go into the routing table.

     

    Toshi_Esumi
    SuperUser
    October 4, 2018

    If you don't want to touch all remote FGTs when a new subnet is added to the hub side, use a routing protocol, like OSPF or BGP, over VPNs.

    emnoc
    New Member
    October 4, 2018

    PBR just chooses one of them if multiple routes are available for a particular type (source, destination, service, and so on) of traffic you specif

     

    That's not correct. Policy routes have no dependencies on anything in the kernel route-table.
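
Added example, not part of any post in this thread and not FortiOS code: a small Python model of the study-guide sentence quoted in the best answer, showing why a spoke-to-spoke destination can miss the tunnel until a route for it exists via the VPN interface. The interface names (`vpn-hub`, `wan1`), the subnets, and the fallback to a normal routing-table lookup when the policy route is unusable are assumptions made for illustration.

```python
import ipaddress

def covering(routing_table, dst):
    """Routing-table entries (network, interface) whose prefix contains dst."""
    addr = ipaddress.ip_address(dst)
    nets = ((ipaddress.ip_network(p), i) for p, i in routing_table)
    return [(n, i) for n, i in nets if addr in n]

def egress(policy_routes, routing_table, src, dst):
    """Return (interface, reason) for a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pr in policy_routes:
        if s in ipaddress.ip_network(pr["src"]) and d in ipaddress.ip_network(pr["dst"]):
            # Quoted condition: the policy route only forwards if the routing
            # table holds an active route for this destination via that interface.
            if any(i == pr["out"] for _, i in covering(routing_table, dst)):
                return pr["out"], "policy route"
            # Assumption: an unusable policy route is skipped and the lookup
            # continues with the ordinary routing table.
    matches = covering(routing_table, dst)
    if not matches:
        return None, "no route"
    best = max(matches, key=lambda m: m[0].prefixlen)  # longest prefix wins
    return best[1], "routing table"

# Constructed sample data for one remote site (LAN 10.1.1.0/24).
POLICY_ROUTES = [{"src": "10.1.1.0/24", "dst": "0.0.0.0/0", "out": "vpn-hub"}]
RT_BEFORE = [("0.0.0.0/0", "wan1"), ("10.0.0.0/24", "vpn-hub")]
# Same table after adding a static route for another remote site via the tunnel.
RT_AFTER = RT_BEFORE + [("10.1.2.0/24", "vpn-hub")]

if __name__ == "__main__":
    for name, rt in (("before", RT_BEFORE), ("after", RT_AFTER)):
        print(name, egress(POLICY_ROUTES, rt, "10.1.1.5", "10.1.2.10"))
```

In this model, traffic that misses the policy route leaves via `wan1` and never reaches the main firewall, so the egress interface for inter-site traffic is worth checking on each remote unit after a routing change.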