Creating an IP rule

You can create an IP rule in a CPE template or on a CPE device. IP rules created in the CPE template are automatically created on all CPE devices that use this CPE template.

To create an IP rule:

  1. Create an IP rule in one of the following ways:
    • If you want to create an IP rule in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and in the sidebar, select the PBR section.
    • If you want to create an IP rule on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and in the sidebar, select the PBR section.

    A table of IP rules is displayed.

  2. Click the + IP rule button.
  3. This opens a window; in that window, in the Priority field, enter the rule priority. Rules with a lower priority value are applied earlier. This value must be unique.
  4. In the IP Protocol drop-down list, select the IP protocol. The following values are possible:
    • TCP
    • UDP
    • ICMP
    • SCTP
    • AH
    • ESP
    • GRE
    • IPIP
  5. Under Source and Destination, specify source and destination settings for the IP rule as necessary:
    • Select the source or destination Type: host or network.
    • Depending on the selected Type, in the field below, specify the following:
      • Source or destination IP address if you selected the Host type (the caption of the field is then IP address.
      • Source or destination IP address and mask if you selected the Network type (the caption of the field is then IP/mask.
    • In the Port field, specify the source or destination port.

      You can enter a single value or a range of values from 1 to 65,535 with a hyphen, for example: 443, 1024-65535.

    • In the Network interface alias drop-down list, select the source (inbound) interface or destination (outbound) interface.

      If the inbound interface is a loopback interface, the rule matches only packets originating from this host. The outbound interface is available only for packets originating from local sockets bound to the device.

  6. In the Lookup VRF drop-down list, select the VRF to search for routes.

    If you select main/254, then under Destination, you need to specify a source IP address other than 0.0.0.0/0, otherwise the rule cannot be saved.

  7. Click Create.

    The IP rule is created and displayed in the table.

  8. In the lower part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top