According to the documentation and our lab environment, we can only use source and destination IP criteria for matching. It is not convenient, but OK. For example, what if I want to pass some traffic through the global routing table before redirecting to PBR:
pbr-map map1 seq1
match src-ip A.A.A.A dst-ip B.B.B.B
set next-hop default
pbr-map map1 seq2
match src-ip A.A.A.A dst-ip 0.0.0.0/0
set next-hop C.C.C.C
A.A.A.A is a host with a service on it. We want traffic A.A.A.A -> B.B.B.B to go with the default routing table, and traffic A.A.A.A -> 0.0.0.0 to go to the next-hop C.C.C.C (a firewall appliance, for example).
Can we achieve this?
Best answer by Pete B
Our PBR implementation is Linux iprule-based, so we don't have a Cisco-like configuration like a make deny clause. You can maybe try configuring separate ACLs using the ACL syntax for dropping packets. We don't support the route default action at this time.