Add a Path Policy Rule

Path policy rules define network paths for application sessions to leverage. Path Policy Rules use network contexts, applications, destination zones, prefixes, ports, and protocols. You can directly add policy rules to a simple path stack by clicking a simple path stack and then clicking
Add Rule
. For advanced stacks, select a stack, then a policy set within the stack, and then add policy rules to the policy set.
  • Add a path policy rule to a simple path stack.
    1. Select
      Stacked Policies
      Path Stacks
      Select a Stack
      Add Rule
    2. Select an order for the rule.
      Policy rules follow explicit ordering and implicit ordering. In explicit ordering, each rule within a policy set has an order number that is used to explicitly order rules overriding an implicit order, a set of match criteria, and a set of actions. If two rules have the same order, then the rules follow implicit ordering wherein policy rules with more specific attributes get precedence over rules with less specific attributes.
      • Enter a
        for the policy rule, and optionally enter description and tags.
      • Enter an
        between 1-65535 for the policy rule.
        An order of 1 indicates the highest priority for the policy rule. The default is 1024.
      • (Optional)
        Disable Rule
        if you do not want the ION device to consider this rule.
    3. (Optional)
      Configure network contexts.
      • On the
        Network Contexts
        screen, select a previously configured
        Network Context
        or click the
        icon to create a network context.
    4. (Optional)
      Configure Prefixes.
      On the
      tab, select a
      Source Prefix
      and a
      Destination Prefix
    5. (Optional)
      Select applications.
      On the
      tab, select the applications to apply the policy rule. You can select 256 applications for one policy rule.
    6. Configure paths.
      On the
      tab, choose
      Active/Backup/L3 Failure Paths
      for the application from the drop-down list.
      Select an
      and a
      Circuit Category
      for a path. You cannot repeat a combination of an overlay and a circuit category for a policy rule.
      You must configure an active path. You can optionally configure backup paths and L3 failure paths. You can configure an L3 failure path without configuring a backup path.
      In ION devices running 5.2.1 and higher versions, the default setting moves flows back to the active path in the policy as soon as the active path becomes available.
    7. Select Service and DC Groups.
      Select Service & DC Groups, and then select Active/Backup Service & DC Groups from the drop-down.
      If the
      check box is selected, traffic will always transit through the Service and DC Groups. If not selected, traffic may or may not transit through the Service and DC Groups per policy. You cannot select
      , if you have selected at least one direct path in the
    8. Confirm the information displayed in the
      tab and then click
      Save & Exit
  • Add a path policy rule to an advanced path policy set.
    1. Select
      Stacked Policies
      Path Sets
      Select a policy set
      Add Rule
    2. Follow the steps above for adding a path policy rule to a simple policy stack.

Recommended For You