Skyhigh Security

Source-based Routing

When configuring routing for traffic in your network, you can let routing decisions be based on the source IP address. This routing method is known as source-based routing.

Using this method, you can separate the management traffic that an administrator creates when accessing the user interface of a Web Gateway appliance from the traffic that the administrator or end users create when accessing the web. Each of the two kinds of traffic can also be protected by its own firewall.

To implement the method, you allow administrator access to the user interface only through a particular network interface on the appliance. This network interface is the management network interface, while a different network interface is configured for access to the web.

You can also require monitoring traffic, for example, SNMP messages, to reach the appliance through the management network interface.

After passing through the management interface, traffic can be identified for further routing by its source IP address, which is the address of the management interface.

Configuring the routing for this traffic includes two main steps:

  1. Configuring a routing table
  2. Configuring a route within this table

The source IP address is specified in both steps to ensure that traffic with this address is routed according to a particular table and route.

You can configure several routing tables, which are entered in a list on Web Gateway, and several routes for each table.

You can configure routes for IPv4 or IPv6, depending on which IP version is used in your network.

Configure source-based routing for a management network interface

Configure source-based routing to separate other traffic from traffic that has a management network interface as its source.

  1. Select Configuration | Appliances.
  2. On the appliances tree, select the appliance you want to configure source-based routing on.
  3. Configure use of the management network interface for administrator access to the user interface.
    1. Click User Interface.
    2. Under HTTP Connector, proceed as follows.
      • Make sure Enable local user interface over HTTP is selected.
      • In the HTTP connector field, type the IP address and listener port of the management network interface.
  4. Configure use of the management network interface for SNMP messages.
    1. Click SNMP.
    2. Under SNMP Port Settings, click the Add icon on the toolbar of the Listener address list.
      The Add SNMP Listeners window opens.
    3. In the Listener address field, type the IP address and listener port of the management network interface.
    4. Click OK.
      The window closes and the listener address appears in the list.
  5. Configure source-based routing for traffic that is sent and received through the management network interface.
    1. Click Static Routes.
    2. Under Source-based routing, select Source-based routing for IPv4 or Source-based routing for IPv6, depending on the IP version used in your network.
      Two lists for configuring source-based routing appear.
    3. On the toolbar of the Static source routing table number list, click the Add icon.
      The Add ApplianceSourceBasedRoutingTable window opens.
    4. Configure an entry for the routing table as follows.
      • In the Source information to look up routing table field, type the IP address of the management network interface.
      • In the Routing table number field, type the number of the routing table for the traffic that is sent and received through the management network interface.
    5. Click OK.
      The window closes and the routing table entry appears in the list.
    6. On the toolbar of the Source-based routing list for IPv4 (or the list for IPv6), click the Add icon.
      The Add ApplianceSourceBasedRoutingIPv4 window (or the window for IPv6) opens.
    7. Configure a routing entry as follows.
      • In the Destination field, type the IP address range in CIDR notation for the destinations of the traffic that is sent through the management network interface.
      • In the Routing table number field, type the number of the routing table for the traffic that is sent and received through the management network interface.
      • In the Gateway field, type the IP address of the gateway for the traffic that is sent and received through the management network interface.
      • In the Device field, type the name of the network interface that you want to configure as the management network interface.
      • In the Source IP field, type the IP address of the network interface that you want to configure as the management network interface.
    8. Click OK.
      The window closes and the routing entry appears in the list.
  6. Click Save Changes.
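
A consistency check for the two entries created in step 5, as an added example (not Skyhigh code): it confirms that the routing table entry and the route agree on source IP, table number and IP version, and renders the same policy as iproute2 commands for a generic Linux host. The class and function names, the sample addresses and the device name eth1 are assumptions; how the appliance applies the entries internally is not stated on this page.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class TableEntry:            # entry in the routing table number list
    source: str              # "Source information to look up routing table"
    table: int               # "Routing table number"

@dataclass
class RouteEntry:            # entry in the source-based routing list
    destination: str         # "Destination" (CIDR range)
    table: int               # "Routing table number"
    gateway: str             # "Gateway"
    device: str              # "Device"
    source_ip: str           # "Source IP"

def check(t, r):
    """Return the inconsistencies between the two entries; empty means consistent."""
    try:
        dest = ipaddress.ip_network(r.destination)   # rejects host bits, bad prefix
    except ValueError as exc:
        return [f"destination is not a valid CIDR range: {exc}"]
    src, rsrc = ipaddress.ip_address(t.source), ipaddress.ip_address(r.source_ip)
    gw = ipaddress.ip_address(r.gateway)
    problems = []
    if src != rsrc:
        problems.append("source IP differs between table entry and route")
    if t.table != r.table:
        problems.append("routing table number differs between table entry and route")
    if len({src.version, rsrc.version, gw.version, dest.version}) != 1:
        problems.append("entries mix IPv4 and IPv6 addresses")
    return problems

def linux_equivalent(t, r):
    """Render the same policy as iproute2 commands for a generic Linux host."""
    fam = "-6 " if ipaddress.ip_address(r.source_ip).version == 6 else ""
    return [
        f"ip {fam}rule add from {t.source} table {t.table}",
        f"ip {fam}route add {r.destination} via {r.gateway} "
        f"dev {r.device} src {r.source_ip} table {r.table}",
    ]

# Constructed sample values (documentation address ranges, hypothetical device name).
SAMPLE_TABLE = TableEntry("192.0.2.10", 100)
SAMPLE_ROUTE = RouteEntry("198.51.100.0/24", 100, "192.0.2.1", "eth1", "192.0.2.10")

if __name__ == "__main__":
    print(check(SAMPLE_TABLE, SAMPLE_ROUTE) or "\n".join(linux_equivalent(SAMPLE_TABLE, SAMPLE_ROUTE)))
```

A mismatch in source IP or table number between the two entries means management traffic is not matched to the intended route, which defeats the separation from web traffic.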