End-of-Life (EoL)

Policy Based Forwarding Forwarding Tab

Select the
tab to define the action and network information that will be applied to traffic that matches the forwarding policy. Traffic can be forwarded to a next-hop IP address, a virtual system, or the traffic can be dropped.
Select one of the following options:
  • Forward
    —Specify the next hop IP address and egress interface (the interface that the packet takes to get to the specified next hop).
  • Forward To VSYS
    —Choose the virtual system to forward to from the drop-down.
  • Discard
    —Drop the packet.
  • No PBF
    —Do not alter the path that the packet will take. This option, excludes the packets that match the criteria for source/destination/application/service defined in the rule. Matching packets use the route table instead of PBF; the firewall uses the route table to exclude the matched traffic from the redirected port.
Egress Interface
Directs the packet to a specific Egress Interface
Next Hop
If you direct the packet to a specific interface, specify the Next Hop IP address for the packet.
Enable Monitoring to verify connectivity to a target
IP Address
or to the
Next Hop
IP address. Select
and attach a monitoring
(default or custom) that specifies the action when the IP address is unreachable.
Enforce Symmetric Return
Required for asymmetric routing environments
) Select
Enforce Symmetric Return
and enter one or more IP addresses in the
Next Hop Address
Enabling symmetric return ensures that return traffic (such as from the Trust zone on the LAN to the internet) is forwarded out through the same interface through which traffic ingresses from the internet.
To limit the days and times when the rule is in effect, select a schedule from the drop-down. To define new schedules, refer to Settings to Control Decrypted SSL Traffic.

Recommended For You