212
them refer to the prefix you received. You can use these objects in various configuration
options.
Additional IPv6 addresses (aliases) / Cluster IP addresses
You can specify additional IPv6 addresses for the select network interface. These
addresses may belong to the same IP subnet as the primary address or may belong
to different networks (e.g. a ULA address).
14.1.2.1-B
Routing
Policy Routing
On this tab you can configure static routing entries. You can add conventional routes,
considering only the packet's destination, but also extended rules which include source
addresses, protocol and port numbers (policy based routing).
Static routes must be added, if there are other networks which are not directly
connected to the network card but can be addressed via a router. Specify the network
address and the netmask of this remote network - this will automatically instruct the
SX-GATE firewall to accept the network on this interface. Enter the IP address of the
router as gateway.
The router's IP address must always be part of the same IP
network as the IP of SX-GATE. The remote network in contrast
must address a different network.
Use the special value 0.0.0.0 if the gateway IP is assigned with
DHCP.
Rules for specific protocols or sources come into play if multiple internet links are
available. One could for instance direct web traffic via an ADSL link while all the other
traffic like emails and VPN uses an SDSL line.
The evaluation order is not based on the order in the list. The priority depends on how
specific a rule is, taking in account the rules configured across all devices. Routes with
all three parameters defined (i.e. protocol, source and destination) will be considered
first. Rules with a destination take precedence over rules with protocol. These in turn
have a higher priority than rules with a source. Within source and destination, rules
are sorted by descending netmasks. The evaluation order of overlapping protocol
specifications is not defined.