define the action and network information that will be applied to
traffic that matches the forwarding policy. Traffic can be forwarded
to a next-hop IP address, a virtual system, or the traffic can be
Select one of the following options:
—Specify the next hop IP address
and egress interface (the interface that the packet takes to get
to the specified next hop).
Forward To VSYS
—Choose the virtual
system to forward to from the drop-down.
—Drop the packet.
—Do not alter the path that
the packet will take. This option, excludes the packets that match
the criteria for source/destination/application/service defined in
the rule. Matching packets use the route table instead of PBF; the firewall
uses the route table to exclude the matched traffic from the redirected
as the Action so you can apply a Monitor profile
to the traffic. (You can’t apply a Monitor profile when the Action
doesn’t forward the traffic.) Monitor profiles monitor the IP address.
If connectivity to the IP address fails, Monitor profiles specify
Directs the packet to a specific Egress
If you direct the packet to a specific interface,
specify the Next Hop for the packet in one of the following ways:
—Select IP Address and select
an address object (or create a new address object) that uses an
IPv4 or IPv6 address.
—Select FQDN and select an address
object (or create a new address object) that uses an FQDN.
—There is no next hop; the packet
Enable Monitoring to verify connectivity
to a target
or to the
and attach a monitoring
that specifies the action when the IP address is unreachable.
Configure Monitor profiles and enable monitoring
so that if the egress interface fails or the route goes down, the
firewall takes the action in the profile and minimizes or prevents
the service interruption.
Enforce Symmetric Return
Required for asymmetric routing environments
and enter one or more IP addresses
Next Hop Address
symmetric return ensures that return traffic (such as from the Trust
zone on the LAN to the Internet) is forwarded out through the same
interface through which traffic ingresses from the internet.