HP VPN Firewall Appliances Network Management Configuration Guide
541
Table 56 Priorities and meanings of apply clauses
Clause Meanin
g
Priorit
y
apply
output-interface and
apply ip-address
next-hop
Sets the output interface and
sets the next hop.
The apply output-interface clause takes precedence
over the apply ip-address next-hop clause. Only the
apply output-interface clause is executed when both
are configured.
apply default
output-interface and
apply ip-address
default next-hop
Sets the default output
interface and sets the default
next hop.
The apply default output-interface clause takes
precedence over the apply ip-address default next-hop
clause. Only the apply default output-interface clause
is executed when both are configured.
They take effect only when no output interface or next
hop is set or the output interface and next hop are
invalid, and the packet does not match any route in the
routing table.
Relationship between the match mode and clauses on a node
Does a packet match all the
if-match clauses on the node?
Match mode
p
ermit
den
y
Yes
PBR executes the apply clause on
the node.
The packet is forwarded according
to the routing table.
No
PBR matches the packet against
the next node.
PBR matches the packet against the
next node.
All packets can match a node where no if-match clauses are configured.
If a permit-mode node has no apply clause, packets matching all the if-match clauses of the node are
forwarded according to the routing table.
If a node has no if-match or apply clauses configured, all packets can match the node and are
forwarded according to the routing table.
PBR and Track
You can use Track to monitor the output interface, default output interface, next hop, and default next hop
for PBR so that PBR can discover link failures faster. PBR takes effect when the status of the associated
track entry is positive or invalid.
For more information about Track-PBR collaboration, see High Availability Configuration Guide.