Policy Based Forwarding applications

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Policy Based Forwarding applications

L0 Member

I realize that PBF application based routing is limited to a subset of applications supported.

We're specifically looking to use PBF for Outlook-Web-Online and it's not in the list but many other things are, like MS-OCS-* and SMTP, etc...

Do we know why some applications are listed and why?

Is it possible to make a feature request to support this application?

Thoughts?

Thanks.

2 REPLIES 2

L7 Applicator

Hello Kk555,

Not all Apps can be used for PBF, because the routing decision is made at sessions start, you can only use Apps that can be discovered at session start.

For your example:

google-docs-base has a dependency of web-browsing & SSL. At session start the PAN will discover web-browsing or SSL and make a routing decision

Once this decision is made the PAN will keep it for this Session.

This is why you can't select all Apps for PBF.

Please find below similar discussion thread:

Re: PBF rule - applications

Using Applications in PBF

PBF based on Apps

Re: APP limitation using PBF

Re: Policy Based Forwarding for Application "Ping"

Hope this helps.

Thanks

L7 Applicator

Here is a snippet from the admin guide for using apps with PBF:

"The initial session on a given destination IP address and port that is associated with an application will not match an application-specific rule and will be forwarded according to subsequentPBF rules (that do not specify an application) or the virtual router’s forwarding table. Allsubsequent sessions on that destination IP address and port for the same application willmatch an application-specific rule. To ensure forwarding through PBF rules, application specific rules are not recommended."

which means the PBF rule will not match 100% of the time. PBF routing is determined by the first packet and most of the apps we have are not identified with the first packet which implies this will take the normal routing route. After the app is identified, the subsequent sessions of the same app with same src and destn will match the PBF rule. Again, it is not recommended to use apps with PBF.

Thanks

  • 2975 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!