R3166-R3206-HP High-End Firewalls Network Management Configuration Guide-6PW101
Reply from 10.1.1.1: bytes=200 time<1ms TTL=255
Reply from 10.1.1.1: bytes=200 time<1ms TTL=255
Reply from 10.1.1.1: bytes=200 time<1ms TTL=255
Ping statistics for 10.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The debugging information about PBR displayed on Firewall is as follows:
<Firewall>
*Jun 7 12:06:47:631 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2
*Jun 7 12:06:48:630 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2
*Jun 7 12:06:49:627 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2
*Jun 7 12:06:50:627 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2
The preceding information shows that Firewall sets the next hop for the received packets to 151.1.1.2
according to PBR. The packets are forwarded via GigabitEthernet0/2.
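The check described above can be scripted when the debug output is long. The following is an added example, not part of the HP guide: it re-joins the wrapped console lines and confirms that every PBR record reports the expected policy, node and next hop. The function names are hypothetical, the record layout is assumed to be exactly the one shown on this page, and the sample input is constructed from the records above.

```python
import re

# Constructed sample: two of the debug records from this page, wrapped as the console prints them.
SAMPLE = """\
*Jun 7 12:06:47:631 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2
*Jun 7 12:06:48:630 2009 Firewall PBR/7/POLICY-ROUTING: IP policy based routing
success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2
"""

# Assumption: every record follows the layout of the "success" records shown on the page.
RECORD = re.compile(
    r"^\*(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d:\d{3} \d{4}) (?P<host>\S+) "
    r"PBR/7/POLICY-ROUTING: IP policy based routing (?P<status>\w+) : "
    r"POLICY_ROUTEMAP : (?P<policy>[^,]+), Node : (?P<node>\d+), "
    r"next-hop : (?P<next_hop>\d+\.\d+\.\d+\.\d+)"
)

def join_records(text):
    """Re-join wrapped console lines; a new record starts with '*'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            records.append(line)
        elif line and records:
            records[-1] += " " + line   # continuation of the previous record
        # lines before the first record (for example a prompt) are ignored
    return records

def check_pbr(text, policy, node, next_hop):
    """Return (count of records matching expectations, list of deviating records)."""
    ok, deviations = 0, []
    for rec in join_records(text):
        m = RECORD.match(rec)
        if (m and m["status"] == "success" and m["policy"] == policy
                and int(m["node"]) == node and m["next_hop"] == next_hop):
            ok += 1
        else:
            # Unparsed, non-success, or routed by another node / to another next hop.
            deviations.append(rec)
    return ok, deviations

if __name__ == "__main__":
    print(check_pbr(SAMPLE, "lab1", 20, "151.1.1.2"))
```

Any record returned in the second element was either not parsed or was handled by a different policy node or next hop than the configuration intends, and should be inspected by hand.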
Configuration guidelines
1. The outbound interface and default outbound interface must be P2P interfaces. For non-P2P
interfaces (broadcast interfaces and NBMA interfaces), such as Ethernet interfaces and
Virtual-Template interfaces, multiple next hops are available, and thus packets may not be
forwarded successfully.
2. The Web interface supports only one outbound interface, next hop, default outbound interface,
and default next hop. For example, if two outbound interfaces are configured at the command line,
the Web interface displays only one of them; it displays the other one after the currently
displayed one is deleted.
3. To implement source address based PBR on a firewall device, you must set the default filtering
action to deny packets from passing the firewall.