Kaspersky SD-WAN
- Kaspersky SD-WAN Help
- About Kaspersky SD-WAN
- Architecture of the solution
- Deploying Kaspersky SD-WAN
- Redundancy of solution components
- About the installation archive
- About the attended, unattended, and partially attended action modes
- Preparing the administrator device
- Managing passwords
- Preparing the configuration file
- Replacing the graphics of the orchestrator web interface
- Replacement of a failed controller node
- Upgrading Kaspersky SD-WAN
- Removing Kaspersky SD-WAN
- Logging in and out of the orchestrator web interface
- Licensing of Kaspersky SD-WAN
- User interface of the solution
- Navigating to the orchestrator API
- Managing the Kaspersky SD-WAN infrastructure
- Managing domains
- Managing data centers
- Managing management subnets
- Managing controllers
- Managing a VIM
- Managing users and their access permissions
- Multitenancy
- Managing CPE devices
- About the interaction of the CPE device and the orchestrator
- About the interaction of the CPE device and the controller
- Default credentials of KESR CPE devices
- Registering CPE devices
- Scenario: Automatic registration of a CPE device using the Zero Touch Provisioning technology.
- Scenario: Deploying a vCPE device on the VMware virtualization platform and registering it using the Zero Touch Provisioning technology
- Scenario: Re-registering a CPE device
- Resuming CPE device registration in case of an error
- Managing CPE templates
- Managing CPE devices
- Adding a CPE device
- Generating an URL with basic CPE device settings
- Manually registering a CPE device
- Unregistering a CPE device
- Specifying the address of a CPE device
- Enabling and disabling a CPE device
- Restarting a CPE device
- Shutting down a CPE device
- Connecting to the CPE device console
- Viewing the password of a CPE device
- Exporting orchestrator and controller connection settings and SD-WAN interfaces from a CPE device
- Exporting network interfaces from a CPE device
- Changing the DPID of a CPE device
- Deleting CPE devices
- Two-factor authentication of a CPE device
- Managing certificates
- Automatically deleting and disabling CPE devices
- Grouping CPE devices using tags
- Configuring logs on CPE devices
- Specifying NTP servers on CPE devices
- Managing modems
- Updating firmware
- Manually updating firmware on a CPE device
- Uploading firmware to the orchestrator web interface
- Scheduling firmware updates on selected CPE devices
- Scheduling firmware updates on CPE devices with specific tags
- Restoring firmware of a KESR-M1 CPE device
- Restoring firmware of a KESR-M2-5 CPE device
- Correspondence of CPE device models with firmware versions
- Deleting firmware
- Additional configuration of CPE devices using scripts
- Managing network interfaces
- Creating network interfaces
- Creating a network interface with automatic assignment of an IP address via DHCP
- Creating a network interface with a static IPv4 address
- Creating a network interface with a static IPv6 address
- Creating a network interface for connecting to an LTE network
- Creating a network interface for connecting to a PPPoE server
- Creating a network interface without an IP address
- Editing a network interface
- Disabling or enabling a network interface
- Canceling the application of network interface settings to a CPE device
- Deleting a network interface
- Creating network interfaces
- Configuring the connection of a CPE device to the orchestrator and controller
- Managing SD-WAN interfaces
- About sending information about SD-WAN interfaces of the WAN type to the controller
- Package fragmentation
- Traffic queues on SD-WAN interfaces
- Creating an SD-WAN interface of the WAN type
- Editing an SD-WAN interface
- Disabling or enabling an SD-WAN interface
- Deleting an SD-WAN interface of the WAN type
- Managing service interfaces
- Managing OpenFlow port groups
- Configuring a UNI for connecting CPE devices to network services
- Adding a static route
- Filtering routes and traffic packets
- Policy-based routing (PBR)
- Route exchange over BGP
- Route exchange over OSPF
- Using BFD to detect routing failures
- Ensuring high availability with VRRP
- Transmission of multicast traffic using PIM and IGMP protocols
- Managing virtual routing and forwarding (VRF) tables
- Monitoring traffic packet information using the NetFlow protocol
- Diagnosing a CPE device
- Running tasks on CPE devices
- IP address and subnet ranges for CPE devices
- Managing the firewall
- Managing network services and virtualization of network functions
- Managing network service templates
- Managing network services
- Scenario: Deploying a virtual network function
- Scenario: Deploying a physical network function
- Managing VNF and PNF packages
- Specifying a brief description of a shared network service
- Managing virtual network functions
- Selecting the flavour of a virtual network function
- Configuring external connection points of a virtual network function
- Basic settings of a virtual network function
- Hosting the virtual network function in a data center and on a uCPE device
- Stopping or starting a virtual network function or a VDU that is part of it
- Pausing or unpausing a virtual network function or a VDU that is part of it
- Suspending or unsuspending a virtual network function or a VDU that is part of it
- Soft rebooting a virtual network function or a VDU that is part of it
- Hard rebooting of a virtual network function or a VDU that is part of it
- Redeploying a virtual network function or a VDU that is part of it
- Auto-healing a virtual network function or a VDU that is part of it
- Managing VDU snapshots
- Managing physical network functions
- Configuring a P2P service
- Configuring a P2M service
- Configuring an M2M service
- Configuring a shared network (OS 2 SHARED)
- Configuring a virtual router (OS vRouter)
- Configuring a VLAN
- Configuring a VXLAN
- Configuring a flat network
- Configuring a UNI
- Monitoring solution components
- Specifying the Zabbix server
- Specifying the Zabbix proxy server
- Configuring CPE device monitoring
- Viewing monitoring results
- Viewing problems
- Viewing the status of the solution and its components
- Viewing logs
- Viewing and deleting service requests
- Sending CPE device notifications to users
- Selecting the Docker container log verbosity
- Monitoring CPE, VNF, and PNF devices using SNMP
- Link monitoring
- Building an SD-WAN network between CPE devices
- Quality of Service (QoS)
- Transmission of traffic between CPE devices and client devices using transport services
- Traffic packet duplication
- Scenario: Directing application traffic to a transport service
- Scenario: Establishing L2 connectivity between CPE devices
- Managing Point-to-Point (P2P) transport services
- Managing Point-to-Multipoint (P2M) transport services
- Managing Multipoint-to-Multipoint (M2M) transport services
- Managing IP multicast transport services
- Managing L3 VPN transport services
- Managing transport services in an SD-WAN instance template
- Managing transport services in a CPE template
- Traffic mirroring and forwarding between CPE devices
- Integration with Kaspersky CyberSecurity for Networks
- Appendices
- Glossary
- Control plane
- Controller
- Customer Premise Equipment (CPE)
- Data plane
- Open vSwitch (OVS)
- Orchestrator
- Physical Network Function (PNF)
- PNF package
- Port security
- SD-WAN Gateway
- SD-WAN instance
- Software-Defined Networking (SDN)
- Software-Defined Wide Area Network (SD-WAN)
- Switch Operating System (SWOS)
- Tenant
- Transport strategy
- Universal CPE (uCPE)
- Virtual Deployment Unit (VDU)
- Virtual Infrastructure Manager (VIM)
- Virtual Network Function (VNF)
- Virtual Network Function Manager (VNFM)
- VNF Package
- Contacting Technical Support
- Information about third-party code
- Trademark notices
Managing CPE devices > Policy-based routing (PBR) > Managing IP routing rules
Managing IP routing rules
Managing IP routing rules
You can view the table of IP rules in a CPE template and on a CPE device:
- To view the table of IP rules in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and in the sidebar, select the PBR section.
- To view the table of IP rules on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and in the sidebar, select the PBR section.
Information about IP rules is displayed in the following columns of the table:
- Priority is the rule priority. Rules with a lower priority value are applied earlier.
- Status is the status of the rule. Possible values:
- Enabled means the rule is active.
- Disabled means the rule is inactive.
- IP Protocol is the encapsulated protocol. The following values are possible:
- TCP
- UDP
- ICMP
- SCTP
- AH
- ESP
- GRE
- IPIP
- Source host or network is the host or network of the source.
- Source port is the source port.
- Source network interface is the inbound interface to be matched. If the interface is a loopback interface, the rule matches only packets originating from this host.
- Destination host or network is the host or network of the destination.
- Destination port is the destination port.
- Destination network interface is the outbound interface to be matched. The outbound interface is available only for packets originating from local sockets bound to the device.
- "sdwan.pbr.ip.rule": "IP address rule",
- "sdwan.pbr.lookup.vrf": "Lookup VRF",
- "sdwan.pbr.max.rules.hint": "{currentValue} out of {maxValue} rules already created",
- "sdwan.pbr.port.hint": "You can enter either a single value or a range of values from 1 to 65535 separated by a dash. Examples:<br></br>443<br></br>1024-65535",
- "sdwan.pbr.priority.hint": "The lower the priority value, the earlier it is applied.",
- "sdwan.pbr.src.interface.hint": "Incoming interface to match. If the interface is a loopback, the rule only matches packets originating from this host.",
- "sdwan.pbr.vrf.main.error": "Unable to save rule for this VRF: source IP address other than 0.0.0.0/0 must be specified.",
- VRF is the VRF in which the search for routes is performed.
- Actions lists actions that can be performed with the IP rule (enable, disable, edit, delete).
|
In this section |
Article ID: 300311, Last review: Jul 11, 2025