Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

policy (advanced-policy-based-routing)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 18.2R1

Description

Configure advanced policy-based routing (APBR) policies.

You can create APBR policies for a security zone and apply advanced policy-based routing (APBR) profiles on the traffic that matches the policy.

In the APBR policy, you can define source addresses, destination addresses, and applications as match conditions; and after a successful match, the configured APBR profile is applied as an application services for the session.

The routing instance associated with APBR profile includes a static route and next hop configured. The matching traffic arriving at the trust zone is forwarded to a specific device or interface as specified by the next-hop IP address.

Note

When using specific address or address set in the APBR policy rule, we recommend to use the global address book. Because, zone specific rules might not be applicable for destination address, as the destination zone is not known at time of policy evaluation.

Options

policy policy-nameSpecify the name of the APBR policy.
descriptionSpecify descriptive text for the APBR policy.
matchSpecify an APBR policy match-criteria.
source-addressDefine the source address as the matching criteria.
destination-addressDefine the destination address as the matching criteria.
applicationName of the predefined or custom application or application set used as match criteria.
destination-address-excludedExclude destination addresses.
source-address-excludedExclude source addresses.
source-identitySpecify users and roles to be used as the match criteria.
thenSpecify the policy action to be performed when packets match the defined criteria.
application-servicesEnable application services within a security policy. the following application services is supported:
  • advance-policy-based-routing-profile apbr-profile-name—Specify the advanced policy-based routing (APBR) profile.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Related Documentation