Policy Routes

The Policy Routes page allows the user to use the Split Tunnel and Application-Based Routing feature in the SD-WAN interface. This feature is used to route traffic through specific WAN Profiles based on source networks, destination IPs, domain names, applications, or protocols.

From this screen, users can define custom routing policies that send selected traffic through a preferred WAN Profile or VPN tunnel. Each policy can match traffic based on the Source Networks (where the traffic originates), Destination IP ranges, Domain / FQDNs (Fully Qualified Domain Name), Applications (e.g., Zoom, Office 365, Social Media), Protocols (TCP/UDP).

This gives granular control over how different traffic categories are routed across available WAN links.

Overview

Traditionally, routing decisions were made based only on the source network—meaning every device or VLAN could be tied to a single WAN profile.

With the new Policy Routing / Split Tunnel capability, routing can now be controlled based on:

• Source Network (where the traffic originates)

• Application (e.g., YouTube, Zoom, Office 365)

• Destination IP/Subnet

• Destination Domain / FQDN

• Protocol (TCP / UDP)

Accessing the Policy Routing Page

• Select SD-WAN from the left menu bar.

• Select Policy Routes tab. The user will see a table listing all existing policy routing rules.

Policy Routes Table

The table contains the following columns:

• Policy # – The rule number in order of priority

• Policy Name – Name given to the route

• WAN Profile / VPN – The WAN or VPN through which selected traffic will be routed

• Source Network(s) – Networks that this policy applies to

• Destination – IPs, Domains, or Applications targeted

• No. of Packets – Counters showing how many packets matched the rule

• Actions – Enable/Disable, Edit, and More Options

This allows admins to quickly see which routing rules are active and what WAN links they affect.

Adding a New Policy Route

• Click Add Policy Route on the top right of the Policy Routes screen. A configuration window opens with several fields.

• Enter the Policy Name. It is recommended to give a descriptive name.

• Select the WAN Profile or VPN tunnel that the traffic should use.

• Enter one or more source subnets in the Source Network(s) field. Only traffic originating from these networks is evaluated against this policy.

• Enter any Description if needed.

Destination

This section enables the user to define the destination type. Choose the category from the dropdown menu.

Available Categories:

1. Application

2. Domain

3. IP Subnet

4. Protocol (TCP/UDP)

Application-based routing

• By default, the Application category is selected. Therefore, the Application Rules field becomes available.

• Click the Application button to to view and select from predefined apps (e.g., Instagram, Facebook, Spotify, Google Meet, Zoom, AWS, Office 365).

• The user can also type application names manually (comma-separated) in the text box of the Application Rules section.

• Select the Add Policy Route button to save the policy route. This allows routing specific applications through a chosen WAN.

Domain routing

• Select the Domain category from the dropdown menu to set domain based routing. The Domain Rules field becomes available.

• Click under the Domain Rules section.

• Enter the name of the domain in one of the following formats.

  • domain.com

  • domain1.domain2.com

  • *.domain.com, where, * Can be any value.

• The user can enter multiple domain names.

• The user can also upload the rule list in CSV format. Click the CSV button to download the sample file.

• Enter the name of the domains in the subsequent rows in the sample file.

• Click the icon and browse the CSV file of the domain rule list.

• Upload the CSV file. The Domains entered in the file will be validated by the system and valid domains will be added in bulk.

• Select the Add Policy Route button to save the policy route.

IP & Port routing

• Select the IP & Port category from the dropdown menu to set IP & Port based routing. The IP & Port Rules field becomes available.

• Click under the IP & Port Rules section.

• Enter IP and port destination networks in one of the following formats.

  •  a.b.c.d

  • a.b.c.d/x

  • a.b.c.d:/x:y

  • a.b.c.d/x:y-z

  • a.b.c.d:y-z

  • a.b.c.d:y

  Where,

  x is a subnet, and its value can be from 0 (zero) to 32.

  y and z are port numbers, and its value can be from 0 (zero) to 65535.

  a/b/c/d are IP, and its value can be from 0 (zero) to 255.

• The user can enter multiple IP and ports.

• The user can also upload the rule list in CSV format. Click the CSV button to download the sample file.

• Enter the IP & Port in the subsequent rows in the sample file.

• Click the icon and browse the CSV file.

• Upload the CSV file. The IP & Ports entered in the file will be validated by the system and valid IP & Ports will be added in bulk.

• Select the Add Policy Route button to save the policy route.

Protocol routing

• Select the Protocol category from the dropdown menu to set Protocol based routing. The Protocol Rules field becomes available.

• Click the Protocols button to to view and select from predefined protocols.

• The user can also type protocol names manually (comma-separated) in the text box of the Protocol Rules section.

• Select the Add Policy Route button to save the policy route. This allows routing specific protocols through a chosen WAN.

• The rule will appear in the Policy Routes table.

• Use the toggle switch in the Actions column to Enable/Disable the rule.

• Policy Routes are evaluated from top to bottom.

• Traffic matches the first applicable rule, similar to a firewall rule chain.

• The user can reorder the policies using the icon under the Policy # column.