How does a custom Application Signature Rule works in regards of Policy-Based Routing (PBR)

farhan Lv1Posted 26 Jan 2020 08:39


I would like to set up a Policy-Based Routing (PBR) in NGAF (version 8.0.17) where if the user shall be routed to ISP-A if they would like to access some specific websites. Otherwise, they shall be routed to ISP-B if they would like to access any other websites.

What I did:

1. I created a custom Application Signature Rule where I set the direction (LAN->WAN), Protocol TCP, Dst port and IP Address set to All, and I put the name of the domain name of the website in the Target Domain box.

2. I created a PBR rule where I set the Zone to LAN, Network Objects to All, Destination Network Objects to All, Protocol and Src/Dst Ports to All, and the Application set to the custom Application Signature Rule that I set at step 1. The egress is set to the interface that is linked to ISP-A.




Apparently, this PBR rule didn't work despite I put it at the highest position in the PBR rules list as the NGAF was routed the traffic to ISP-B (default route). May I know how can I achieve my objective and also how does a custom Application Signature Rule works in regards to Policy-Based Routing (PBR)?


By solving this question, you may help 361 user(s).

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Park Bo Gart Lv2Posted 26 Jan 2020 17:49
it seems that there is no mistake in what you did. I also try this one and will give you feedback.

I Can Help:


Moderator on This Board


Started Topics



Board Leaders