Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


policy (advanced-policy-based-routing)


Hierarchy Level


Configure advanced policy-based routing (APBR) policies.

You can create APBR policies for a security zone and apply advanced policy-based routing (APBR) profiles on the traffic that matches the policy.

In the APBR policy, you can define source addresses, destination addresses, and applications as match conditions; and after a successful match, the configured APBR profile is applied as an application services for the session.

The routing instance associated with APBR profile includes a static route and next hop configured. The matching traffic arriving at the trust zone is forwarded to a specific device or interface as specified by the next-hop IP address.


When using specific address or address set in the APBR policy rule, we recommend to use the global address book. Because, zone specific rules might not be applicable for destination address, as the destination zone is not known at time of policy evaluation.


policy policy-name

Specify the name of the APBR policy.


Specify descriptive text for the APBR policy.


Specify an APBR policy match-criteria.


Define the source address as the matching criteria.


Define the destination address as the matching criteria.


Name of the predefined or custom application or application set used as match criteria.


Exclude destination addresses.


Exclude source addresses.


Specify users and roles to be used as the match criteria.

scheduler-name scheduler-name

Specify the name of the scheduler to associate with APBR policy.

Schedulers allow you to activate a policy for a specified duration. To define a scheduler for a APBR policy, you must first create a scheduler and then refer the scheduler in your policy configuration.

When a scheduler times out, the associated policy is deactivated. All sessions associated with the policy are subsequently timed out only if policy-rematch is used.


Specify the policy action to be performed when packets match the defined criteria.


Enable application services within a security policy. the following application services is supported:

  • advance-policy-based-routing-profile apbr-profile-name—Specify the advanced policy-based routing (APBR) profile.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.2R1