Strata Cloud Manager
Manage: Policy Based Forwarding
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
-
- Strata Copilot
- Command Center: Strata Cloud Manager
-
- Dashboard: Build a Custom Dashboard
- Dashboard: Executive Summary
-
- WildFire Dashboard: Filters
- WildFire Dashboard: Total Samples Submitted
- WildFire Dashboard: Analysis Insights
- WildFire Dashboard: Session Trends For Samples Submitted
- WildFire Dashboard: Verdict Distribution
- WildFire Dashboard: Top Applications Delivering Malicious Samples
- WildFire Dashboard: Top Users Impacted By Malicious Samples
- WildFire Dashboard: Top Malware Regions
- WildFire Dashboard: Top Firewalls
- Dashboard: DNS Security
- Dashboard: AI Runtime Security
- Dashboard: IoT Security
- Dashboard: Prisma Access
-
- Application Experience Dashboard: Mobile User Experience Card
- Application Experience Dashboard: Remote Site Experience Card
- Application Experience Dashboard: Experience Score Trends
- Application Experience Dashboard: Experience Score Across the Network
- Application Experience Dashboard: Global Distribution of Application Experience Scores
- Application Experience Dashboard: Experience Score for Top Monitored Sites
- Application Experience Dashboard: Experience Score for Top Monitored Apps
- Application Experience Dashboard: Application Performance Metrics
- Application Experience Dashboard: Network Performance Metrics
- Dashboard: Best Practices
- Dashboard: Compliance Summary
-
- Prisma SD-WAN Dashboard: Device to Controller Connectivity
- Prisma SD-WAN Dashboard: Applications
- Prisma SD-WAN Dashboard: Top Alerts by Priority
- Prisma SD-WAN Dashboard: Overall Link Quality
- Prisma SD-WAN Dashboard: Bandwidth Utilization
- Prisma SD-WAN Dashboard: Transaction Stats
- Prisma SD-WAN Dashboard: Predictive Analytics
- Dashboard: PAN-OS CVEs
- Dashboard: CDSS Adoption
- Dashboard: Feature Adoption
- Dashboard: On Demand BPA
- Manage: IoT Policy Recommendation
- Manage: Enterprise DLP
- Manage: SaaS Security
- Manage: Prisma Access Browser
- Reports: Strata Cloud Manager
-
-
- Strata Cloud Manager Release Information
-
- New Features in February 2025
- New Features in January 2025
- New Features in December 2024
- New Features in November 2024
- New Features in October 2024
- New Features in September 2024
- New Features in August 2024
- New Features in July 2024
- New Features in June 2024
- New Features in May 2024
- New Features in April 2024
- New Features in March 2024
- New Features in February 2024
- New Features in January 2024
- New Features in November 2023
- New Features in October 2023
- New Features in September 2023
- Known Issues
- Addressed Issues
- Getting Help
Manage: Policy Based Forwarding
Policy Based Forwarding allows you to override the routing table and is commonly used
to specify an alternate path for security or performance purposes.
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses include access to Strata Cloud Manager:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
Policy Based Forwarding rules allow traffic to take an alternative path from the next
hop specified in the route table, and are typically used to specify an egress
interface for security or performance reasons.
Go to ManageConfigurationNGFW and Prisma AccessNetwork PoliciesPolicy Based Forwarding.
Use a Policy Based Forwarding rule to direct traffic to a specific egress interface
and override the default path for the traffic. Before you create a Policy Based
Forwarding rule, make sure you understand that the set of IPv4 addresses is treated
as a subset of the set of IPv6 addresses.
Use the following sections to configure a policy based forwarding rule:
- Source
- Zones—Add source zones.
- Interface—Add source interfaces.
- Addresses—Add source addresses, address groups, or regions and specify the settings.
- Users—Add the users and user groups to whom the policy applies.
- Destination
- Addresses—Add source addresses, address groups, or regions and specify the settings.
- Application and Services
- Application Entities—Select the applications you would like to route through alternative paths.A Policy Based Forwarding rule may be applied before the firewall has enough information to determine the application. Therefore, application-specific rules are not recommended for use with Policy Based Forwarding. Whenever possible, use a service object.You cannot use custom applications, application filters, or application groups in Policy Based Forwarding rules.
- Service Entities—Select the services and service groups you would like to route through alternative paths.
- Forwarding
- Action—You can set the Action to take when matching a packet by choosing from:
- Forward—Directs the packet to the specified Egress Interface.
- Discard—Drops the packet.
- No PBF—Excludes packets that match the criteria for source, destination, application, or service defined in the rule. Matching packets use the route table instead of PBF.
- Egress Interface—Select the network information for where you want to forward the traffic that matches your Policy Based Forwarding rule.
- Next Hop
- IP Address—Enter an IP address or select an address object of type IP Netmask to which to forward matching packets.
- FQDN—Enter an FQDN (or select or create an address object of type FQDN) to which to forward matching packets.
- None—No next hop mean the destination IP address of the packet is used as the next hop. Forwarding fails if the destination IP address is not in the same subnet as the egress interface.
- Monitor—Enable monitoring to verify connectivity to a target IP address or to the Next Hop IP address if no IP address is specified.