policy (advanced-policy-based-routing)

Syntax

Hierarchy Level

Description

Configure advanced policy-based routing (APBR) policies.

You can create APBR policies for a security zone and apply advanced policy-based routing (APBR) profiles on the traffic that matches the policy.

In the APBR policy, you can define source addresses, destination addresses, and applications as match conditions. After a successful match, the configured APBR profile is applied as an application service for the session.

The routing instance associated with the APBR profile has a static route and next hop configured. The matching traffic arriving at the trust zone is forwarded to a specific device or interface as specified by the next-hop IP address.

Note:

When using a specific address or address set in the APBR policy rule, we recommend using the global address book. Zone-specific rules might not be applicable for the destination address, because the destination zone is not known at the time of policy evaluation.
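
An added example, not from the original page or the vendor's documentation: a Python check that applies the note above by flagging APBR policy match addresses that are not defined in the global address book. The `set security advance-policy-based-routing from-zone ... policy ...` path and the sample configuration are assumptions, since this page does not show the statement's syntax or hierarchy level.

```python
import re

# Constructed sample configuration in Junos "set" format (not from the page).
# The from-zone hierarchy path is an assumption; the page does not show it.
SAMPLE_CONFIG = """\
set security address-book global address branch-lan 10.1.0.0/16
set security address-book global address-set saas-nets address saas-a
set security address-book global address saas-a 203.0.113.0/24
set security address-book trust-book address hq-lan 10.2.0.0/16
set security address-book trust-book attach zone trust
set security advance-policy-based-routing from-zone trust policy p1 match source-address branch-lan
set security advance-policy-based-routing from-zone trust policy p1 match destination-address saas-nets
set security advance-policy-based-routing from-zone trust policy p1 match application any
set security advance-policy-based-routing from-zone trust policy p2 match source-address any
set security advance-policy-based-routing from-zone trust policy p2 match destination-address hq-lan
"""

BOOK_RE = re.compile(r"^set security address-book (\S+) (?:address|address-set) (\S+)")
MATCH_RE = re.compile(
    r"^set security advance-policy-based-routing from-zone (\S+) policy (\S+) "
    r"match (source-address|destination-address) (\S+)")
BUILTIN = {"any", "any-ipv4", "any-ipv6"}  # predefined names, need no address book

def audit_apbr_addresses(config_text):
    """Return findings for APBR match addresses not defined in the global address book."""
    books = {}  # address or address-set name -> names of the address books defining it
    refs = []   # (zone, policy, match field, address name) for each APBR match line
    for line in config_text.splitlines():
        line = line.strip()
        m = BOOK_RE.match(line)
        if m:
            books.setdefault(m.group(2), set()).add(m.group(1))
            continue
        m = MATCH_RE.match(line)
        if m:
            refs.append(m.groups())
    findings = []
    for zone, policy, field, name in refs:
        if name in BUILTIN or "global" in books.get(name, set()):
            continue
        where = ", ".join(sorted(books.get(name, ()))) or "no address book"
        findings.append((zone, policy, field, name, where))
    return findings

if __name__ == "__main__":
    for zone, policy, field, name, where in audit_apbr_addresses(SAMPLE_CONFIG):
        print(f"{zone}/{policy}: {field} {name} is defined in {where}, not global")
```

On the constructed sample, policy `p2` is reported because its destination address `hq-lan` exists only in the zone-attached `trust-book`.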

Options

policy policy-name

Specify the name of the APBR policy.

description

Specify descriptive text for the APBR policy.

match

Specify the match criteria for the APBR policy.

source-address

Define the source address as the matching criteria.

destination-address

Define the destination address as the matching criteria.

application

Name of the predefined or custom application or application set used as match criteria.

destination-address-excluded

Exclude destination addresses.

source-address-excluded

Exclude source addresses.

source-identity

Specify users and roles to be used as the match criteria.

scheduler-name scheduler-name

Specify the name of the scheduler to associate with the APBR policy.

Schedulers allow you to activate a policy for a specified duration. To define a scheduler for an APBR policy, you must first create a scheduler and then reference the scheduler in your policy configuration.

When a scheduler times out, the associated policy is deactivated. All sessions associated with the policy are subsequently timed out only if policy-rematch is used.

then

Specify the policy action to be performed when packets match the defined criteria.

application-services

Enable application services within a security policy. The following application service is supported:

  • advance-policy-based-routing-profile apbr-profile-name—Specify the advanced policy-based routing (APBR) profile.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.2R1