Configuring Juniper Networks NetScreen and SSG Firewalls

Policy-Based Routing

Just when you thought that everything you ever wanted to do could be achieved with RIP, OSPF, or BGP, along comes policy-based routing (PBR). Traditional routing only applies to layer 3 of the OSI stack. But what if you wanted to make routing decisions based upon, say, whether traffic was HTTP? This may sound odd, but there are actually several real-world situations when this functionality is needed.

Policy-based routing was introduced in ScreenOS version 5.4. As mentioned earlier, you can use policy-based routing to make routing decisions based upon layer 4 protocol, source IP address, destination address, source port, destination port, and TOS bits.

Policy-based routing is composed of several different components. At first, this may seem a bit overwhelming, but it is really a farsighted design. Because the different aspects of policy-based routing are split into separate components, you can create fine-grained policies that reuse parts you have already defined. This technique can save you both time and effort when you need to create policy-based routing on a larger scale.

We will begin this chapter with an overview of the components and their properties. We will then follow with some examples of how policy-based routing and its components are combined to create customized routing policies.

Components of PBR

PBR is composed of several building blocks which allow you to create different routing policies without having to duplicate many of the steps repeatedly. To build a PBR, start by creating an access list to match the...
