Alta Help Center

Policy Based Routing (PBR)

Matt Baer

Policy-based routing (PBR) is a method of controlling how traffic is forwarded based on defined policies, rather than relying on the destination address in the routing table. In traditional routing, Route10 chooses the next hop by looking up the destination IP and following the best matching route. With PBR, administrators can apply additional logic to influence that decision based on other characteristics of the traffic, such as source IP, source network, destination, protocol, or port. 
 

PBR in Route10 allows directing traffic to a specific WAN, or load balancing it. The defined rules override the default failover or load-balancing behavior, which is determined by the metrics on your WANs.
 

PBR policy is configured under Settings > Firewall > Policy Routing. Rules are evaluated in order and the first matching rule wins; no further rules are evaluated, so it’s important to order them so that traffic matches the rule you intend.
 

Note: Policy routing changes can only apply to new connections. Already-established connections cannot have their path changed, and will remain active on the WAN where they were established.

Configuration Examples

This section contains configuration examples for common scenarios. Browse to Settings > Firewall > Policy Routing for configuration.

Send One Host Out WAN2

For this example, we have one LAN host, 10.0.0.10, which we want to direct out WAN2. Click Add on the Policy Routing page, and populate the fields as follows.
 

Name: Edit the name as desired at the top.

Source: Custom, 10.0.0.10

Destination: Any

Sticky: Disable

Target: WAN2

Then click Save, and the policy will be immediately applied. 

If you want to send traffic out from an entire subnet (typically an entire VLAN) instead of a single host, simply enter the subnet, e.g. 192.168.1.0/24, instead.

Send Multiple Hosts out WAN2

When you want to direct more than one host out a non-default path, it’s easiest to use firewall groups. Here, we’ll send 10.0.0.10, 10.0.0.20, and 10.0.0.30 out via WAN2 using a single PBR rule. On the Policy Routing page, click Add.

Configuring the Group

Click the + by Source to add a new firewall group.

Name: at the top of the window, click the pencil icon to name the group as desired.

Type: Select IPv4 Network

Contents: populate the desired IPs here.
 

Then click Save, and close the group window to return to the PBR rule window.

You can also provide multiple subnets (effectively multiple VLANs) in a firewall group.

Configuring the PBR Rule

Now you’ll be back at the PBR rule window, with the Source field automatically populated with your newly-created firewall group.

 

Name: click the pencil icon at the top and name the rule as desired.

Protocol: Choose Any unless you want to restrict to a subset of traffic.

Source: Leave it populated with your newly-created firewall group.

Destination: Leave it to Any unless you want to limit to certain specific destinations only.

Sticky: Disable

Target: WAN2

 

Click Save, and the configuration will be immediately applied.

Sending an Entire Network/VLAN out WAN2

If you would like to send an entire network out WAN2, such as a guest network that you want to keep from using bandwidth on your primary WAN, simply add a rule like the previous examples, specifying your desired network in the Source field or firewall group. For example, if you have a 10.0.2.0/24 guest network, choose Source “Custom” and populate 10.0.2.0/24 there, or create an IPv4 Network group containing 10.0.2.0/24 and choose it.
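
The first-match behavior described at the start of this article, applied to the host and guest network from the examples above. This is an added Python sketch, not Alta's code or a Route10 interface: it models rules by source, destination and protocol only, and reports rules that can never match because an earlier, broader rule covers them. The rule names, the 10.0.0.0/24 LAN rule and the 203.0.113.5 destination are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    target: str                      # e.g. "WAN1" or "WAN2"
    source: str = "0.0.0.0/0"        # host or subnet; the default models "Any"
    destination: str = "0.0.0.0/0"
    protocol: str = "any"

    def matches(self, src, dst, proto):
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.destination)
                and self.protocol in ("any", proto))

    def covers(self, other):
        """True if every connection matching `other` also matches this rule."""
        return (ip_network(other.source).subnet_of(ip_network(self.source))
                and ip_network(other.destination).subnet_of(ip_network(self.destination))
                and self.protocol in ("any", other.protocol))

def route(rules, src, dst, proto="tcp", default="default (WAN metrics)"):
    """Target of the first matching rule; later rules are never consulted."""
    for rule in rules:
        if rule.matches(src, dst, proto):
            return rule.target
    return default

def shadowed(rules):
    """(later, earlier) name pairs where the later rule can never match."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

# Constructed rule lists. The 10.0.0.0/24 LAN rule is an assumption for illustration.
MISORDERED = [
    Rule("lan-to-wan1", "WAN1", source="10.0.0.0/24"),
    Rule("host-to-wan2", "WAN2", source="10.0.0.10"),
    Rule("guest-to-wan2", "WAN2", source="10.0.2.0/24"),
]
ORDERED = [MISORDERED[1], MISORDERED[0], MISORDERED[2]]

if __name__ == "__main__":
    for label, rules in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(label, route(rules, "10.0.0.10", "203.0.113.5"), shadowed(rules))
```

In the misordered list the subnet rule is listed first, so 10.0.0.10 leaves via WAN1 and the host rule is reported as shadowed; moving the host rule above the subnet rule sends it out WAN2.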

Failover Behavior

When you direct traffic to a specific WAN interface and that interface fails, the traffic currently falls back to the remaining available WAN interface(s). Fallback configuration options (or the ability to drop the traffic) will be added in the future, in case you want the traffic to be dropped instead of falling back.
 

Traffic matched by PBR rules that direct it to be load balanced will be sent via the WAN interface(s) still up when one or more WANs fail.


 
