Skip to main content

Routing

Used to redirect network traffic passing through SafeUTM.

It has a number of advantages over some other traditional routing systems. Among them are:

  • The ability to specify the source network directly in the route.
  • Adaptivity function (in case of gateway or interface unavailability, the route search will continue according to the following routing rules).

It is possible to route local and external networks in the SafeUTM web interface. You can create and edit routes via the SafeUTM web interface in the section Services -> Routing.

To organize access to remote networks via a router on a local network, read the article by following the link.

Routing of LANS

Local area network routing operates within the local area network and does not have a Source address field when adding a route. To add a new route, go to the Local area networks routing tab and click Add:

  • Destination address – select the objects that this rule will apply to when accessing. Possible types of objects: IP address, subnet.
  • Gateway – select the object through which the traffic will be routed. Possible types of objects: network interfaces, IP addresses.
  • Comment – an optional field for describing the route. Maximum 128 characters.

Routing of External Networks

To add a new route, go to the routing tab of WAN routes and click Add. A route creation form will open on the page:
1. Routing.png

Description of each option:

  • Source address ­– select the objects for which this rule will be applied. Possible types of objects: groups, users, IP address, domain, IP address range, subnet, and address list.
  • Destination address – select the objects that this rule will apply to when accessing. Possible types of objects: groups, users, IP address, domain, IP address range, subnet, and address list.
  • Gateway – select the object through which the traffic will be routed. Possible types of objects: network interfaces, IP addresses.
  • Use only if the specified gateway is available (adaptive property) – if this property is enabled, then if the gateway or interface is unavailable, the route search will continue according to the following routing rules, and if the property is disabled (by default), traffic is sent to the selected gateway or interface. If the gateway is unavailable or the interface does not work, then such traffic will be dropped (destination unreachable).
  • Comment – an optional field for describing the route. Maximum 128 characters.

After saving the route, the page looks like this:
2. Routing.pngArrow icons increase or decrease the priority of the rule execution.

There is a status Activating in the table. It has two states:

State

Description

3. Routing.png

The route is active, and traffic falling under the conditions of the route will be redirected to the specified Gateway.

4. Routing.png

The route is not active, and traffic falling under the conditions of the route will not be this rule.

Traffic that does not fall under the conditions of the routing rules, or with object Any as a gateway, will be sent to Channel Aggregation & Failover.

Examples of popular routes

When routing traffic through connections to the provider, it is important to understand that most often one route is not enough, you will also need to redefine the address using SNAT, otherwise, such a route simply will not work. SNAT can be configured using a firewall.

Task: any traffic to subnet 150.1.0.0/16 needs to be directed to the local gateway


5. Routing.png

Task: all user traffic from the group Accounting needs to be directed through the gateway of the selected network interface


6. Routing.png

If you are setting up a route to remote network access via an additional router located on the same LAN as the clients, make sure that you have avoided "asymmetric routing" and moved the router to the DMZ.

Back to top