Network > Routing > Routing Profiles > Filters
Table of Contents
11.2
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > SaaS Tenant List
- Objects > Custom Objects > SaaS User List
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > AI Security
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Traffic Objects
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Network > Routing > Routing Profiles > Filters
Descriptions of filtering selections for the Advanced
Routing Engine.
Add filters to apply to
profiles, for example, to easily and consistently apply settings
that control such things as route acceptance into the RIB, route
advertisements to peers, conditional advertisements, setting attributes,
route aggregation, and route redistribution.
Filters | Description |
|---|---|
Filters Access List | |
Name | Enter a name for the access list (maximum
of 63 characters). The name must start with an alphanumeric character,
underscore (_), or hyphen (-), and contain zero or more alphanumeric
characters, underscore (_) or hyphen(-). No dot (.) or space is
allowed. |
Description | Enter a description. |
Type | Select IPv4 or IPv6. |
Seq | Add an entry (rule)
and enter the sequence number of the rule in the list of rules for this
access list; range is 1 to 65,535. Leave
unused numbers between sequence numbers so you can insert additional rules
later. |
Action | Select Deny or Permit for
the entry. The access list ends with an implicit Deny Any. |
Source Address | (IPv4 only) Select one of the following:
|
Destination Address | (IPv4 only) Select one of the following:
|
Source Address | (IPv6 only) Select one of the following:
|
Exact Match of this address | (IPv6 only) Select to match only
the exact match of the IPv6 source address. Not available if the Source
Address is Any or None. |
Filters Prefix List | |
Name | Enter a name for the prefix list (maximum
of 63 characters). The name must start with an alphanumeric character,
underscore (_), or hyphen (-), and contain zero or more alphanumeric
characters, underscore (_) or hyphen(-). No dot (.) or space is
allowed. |
Description | Enter a description. |
Type | Select IPv4 or IPv6. |
Seq | Add an entry (rule)
and enter the sequence number of the rule in the list of rules for this
prefix list; range is 1 to 65,535. Leave
unused numbers between sequence numbers so you can insert additional rules
later. |
Action | Select Deny or Permit for
the entry. The prefix list ends with an implicit Deny Any. |
Prefix | Select one of the following:
|
Filters AS Path Access List | |
Name | Enter a name for the AS_Path access list
(maximum of 63 characters). The name must start with an alphanumeric
character, underscore (_), or hyphen (-), and contain zero or more
alphanumeric characters, underscore (_) or hyphen(-). No dot (.)
or space is allowed. |
Description | Enter a description. |
Seq | Add an entry (rule)
and enter the sequence number of the rule in the list of rules for this
access list; range is 1 to 65,535. Leave
unused numbers between sequence numbers so you can insert additional rules
later. |
Action | Select Deny or Permit for
the entry. AS Path access lists end with an implicit Permit
Any rule. Use an AS Path access list to deny autonomous systems. |
Aspath regex | Enter a regular expression for AS_PATH. |
Filters Community List | |
Name | Enter a name for the community list (maximum
of 63 characters). The name must start with an alphanumeric character,
underscore (_), or hyphen (-), and contain zero or more alphanumeric
characters, underscore (_) or hyphen(-). No dot (.) or space is
allowed. |
Description | Enter a description of the community list. |
Type | Select Regular, Large,
or Extended community. |
Seq | Add an entry (rule)
and enter the sequence number of the rule in the list of rules for this
list; range is 1 to 65,535. Leave
unused numbers between sequence numbers so you can insert additional rules
later. |
Action | Select Deny or Permit.
The list ends with an implicit Deny Any rule. |
Community | Select one of the well-known communities
from the list or enter a community. |
Filters Route Maps BGP | |
Name | Enter a name for the BGP route map (maximum
of 63 characters). The name must start with an alphanumeric character,
underscore (_), or hyphen (-), and contain zero or more alphanumeric
characters, underscore (_) or hyphen(-). No dot (.) or space is
allowed. |
Description | Enter a description of the route map. |
Entry Tab | |
Seq | Add an entry (rule)
and enter the sequence number of the rule in the list of rules for this
route map; range is 1 to 65,535. Leave
unused numbers between sequence numbers so you can insert additional rules
later. |
Description | Enter a description of the route map entry. |
Action | Select Deny or Permit. |
Match Tab | |
AS Path Access List | Select an AS Path access list. |
Regular Community | Select a community list for match criteria. |
Large Community | Select a community list for match criteria. |
Extended Community | Select a community list for match criteria. |
Metric | Enter a metric; range is 0 to 4,294,967,295. |
Interface | Select an interface. |
Origin | Select egp, igp, incomplete,
or none. |
Tag | Enter a tag; range is 1 to 4,294,967,295. |
Local Preference | Enter a local preference; range is 0 to 4,294,967,295. |
Peer | Select local (Static or Redistributed Routes) or none. |
IPv4 or IPv6 | Select IPv4 or IPv6 as
the address family on which to match. |
Address—Access List | Select an access list you created that specifies
the addresses to match. Default is None. |
Address—Prefix List | Select a prefix list you created that specifies
the prefixes to match. It matches the prefix received from a peer
or redistributed from another protocol. Default is None. |
Next Hop—Access List | Select an access list you created that specifies
the next hop to match. Default is None. |
Next Hop—Prefix List | Select a prefix list you created that specifies
the next hop to match. Default is None. |
Route Source—Access List | (IPv4 only) Select an access list
you crated that specifies the route source to match. Default is None. |
Route Source—Prefix List | (IPv4 only) Select a prefix list
you crated that specifies the route source to match. Default is None. |
Set Tab | |
Enable BGP atomic aggregate | Mark the route as a less specific route
because it has been aggregated. ATOMIC_AGGREGATE is a well-known discretionary
attribute that alerts BGP speakers along a path that information
has been lost due to route aggregation, and therefore the aggregate
path might not be the best path to the destination. When some router
are aggregated by an aggregator, the aggregator attaches its Router-ID
to the aggregated route into the AGGREGATOR-ID attribute and it
sets the ATOMIC_AGGREGATE attribute or not, based on whether the
AS_PATH information from the aggregated routers was preserved. |
Aggregator—Aggregate AS | Enter the Aggregator AS. The Aggregator
attribute includes the AS number and the IP address of the router that
originated the aggregated route.The IP address is the Router ID
of the router that performs the route aggregation. Range is 1 to
4,294,967,295. |
Aggregator—Router ID | Enter the aggregator’s Router ID (usually
a loopback address). |
IPv4 or IPv6 | Select the type of address to set. |
IPv6 Nexthop Prefer Global Address | (IPv6 only) IPv6 has four address
types: link local address, global unicast address, anycast address, and
multicast address. IPv6 Nexthop Prefer Global Address causes
the firewall to prefer global unicast addresses. |
Source Address | Select the source address with /prefix length
to set. |
IPv4 Next-Hop | (IPv4 only) Select none, peer-address (Use
Peer Address), or unchanged. |
IPv6 Next-Hop | (IPv6 only) Select none or peer-address
(Use Peer Address). |
Local Preference | Enter local preference; range is 0 to 4,294,967,295. |
Tag | Enter tag; range is 1 to 4,294,967,295. |
Metric Action | Select None, set, add, or subtract. |
Metric Value | Enter metric; range is 0 to 4,294,967,295. |
Weight | Enter weight; range is 0 to 4,294,967,295. |
Origin | Select egp, igp, incomplete,
or none. |
Originator ID | Set an Originator ID. |
Delete Regular Community | Enter a Regular Community to delete. |
Delete Large Community | Enter a Large Community to delete. |
Regular Community—Overwrite Regular Community | Select to overwrite the Regular Community
with what is added in Regular Community field. |
Regular Community | Add a Regular Community. |
Large Community—Overwrite Regular Community | Select to overwrite the Large Community
with what is added in Large Community field. |
Large Community | Add a Large Community. |
ASPath Exclude | Add an AS_PATH to exclude. |
ASPath Prepend | Add an AS_PATH to prepend. |
Filters Route Maps Redistribution | |
Name | Enter a name for the Redistribution route
map (maximum of 63 characters). The name must start with an alphanumeric
character, underscore (_), or hyphen (-), and contain zero or more
alphanumeric characters, underscore (_) or hyphen(-). No dot (.)
or space is allowed. |
Description | Enter a description of the route map. |
Source Protocol | Select the source protocol being redistributed. |
Destination Protocol | Select the protocol to which routes are
being redistributed. |
Entry | |
Seq | Enter a sequence number; range is 1 to 65,535. Leave unused numbers between sequence numbers
so you can insert additional rules later. |
Description | Enter a description of the route map rule. |
Action | Deny or Permit the
matching routes from being redistributed. |
Match | |
AS Path Access List | Select an AS Path access list. |
Regular Community | Enter a regular community. |
Large Community | Enter a large community. |
Extended Community | Enter an extended community |
Metric | Range is 0 to 4,294,967,295. |
Interface | Select an interface. |
Origin | Select egp, igp, incomplete,
or none. |
Tag | Enter a tag; range is 1 to 4,294,967,295. |
Local Preference | Enter a local preference; range is 0 to 4,294,967,295. |
Peer | Select local (Static or Redistributed Routes) or none. |
Address—Access List | Select an access list. |
Address—Prefix List | Select a prefix list. |
Next Hop—Access List | Select an access list. |
Next Hop—Prefix List | Select a prefix list. |
Route Source—Access List | Select an access list. |
Route Source—Prefix List | Select a prefix list. |
Set | |
Metric Action | Select None, set, add, or subtract. |
Metric Value | Enter the value to set the metric
to, add to the metric, or subtract from
the metric of matching routes, based on your selection for Metric
Action. Range is 0 to 4,294,967,295. |
Metric Type | Select Type 1 or Type
2. |
Tag | Range is 1 to 4,294,967,295. |