UniFi Gateway - Policy-Based Routing
Policy Based Routes are a feature found in the Routing section of your Network application that allows you to send traffic to a specific destination such as a WAN port or a VPN Client interface. This feature may also be referred to as Traffic Routes or PBR.
Requirements
- A Next-Gen UniFi gateway or UniFi Cloud Gateway
Available Options
Policy Based Routes can be configured to:
- Match an entire LAN network or a specific client device.
- Send traffic to the secondary WAN port.
- Match either All or Specific client traffic, such as a geographical region.
Specific traffic can match on the following:
- IP address + port
- IP address range
- Domain name
- Region
Note: Domain matching requires the client devices to use the UniFi gateway as the DNS server.
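The DNS requirement in the note above can be checked from a client. The following is an added example, not part of the original article or any UniFi tooling: it assumes a Linux client and assumes the UniFi gateway is both the client's default gateway and its DNS address. The function names and sample data are hypothetical.

```python
import ipaddress
import socket
import struct

# Constructed sample inputs (not captured from a real device).
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\n"
)
SAMPLE_RESOLV = "# constructed\nnameserver 192.168.1.1\nnameserver 1.1.1.1\n"

def default_gateway(route_table):
    """Return the IPv4 default gateway from /proc/net/route-style text."""
    for line in route_table.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        dest, gw, flags = fields[1], fields[2], int(fields[3], 16)
        if dest == "00000000" and flags & 0x2:  # RTF_GATEWAY
            # The kernel prints addresses as little-endian hex.
            return socket.inet_ntoa(struct.pack("<L", int(gw, 16)))
    return None

def nameservers(resolv_conf):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def check_dns(route_table, resolv_conf):
    """Classify each resolver relative to the default gateway."""
    gw = default_gateway(route_table)
    verdicts = {}
    for ns in nameservers(resolv_conf):
        if ns == gw:
            verdicts[ns] = "gateway"
        elif ipaddress.ip_address(ns.split("%")[0]).is_loopback:
            # A resolver on the client itself; its upstream must be checked separately.
            verdicts[ns] = "local-stub"
        else:
            # Queries sent here never reach the gateway's DNS server.
            verdicts[ns] = "bypasses-gateway"
    return gw, verdicts

if __name__ == "__main__":
    with open("/proc/net/route") as r, open("/etc/resolv.conf") as d:
        print(check_dns(r.read(), d.read()))
```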
Examples
If you want to send specific streaming traffic from your Apple TV to a VPN Client tunnel, create a Policy Based Route with the following options:
- Type: Specific Traffic
- Category: Domain Name
- Domain Name: Add one or more domains used by the streaming service
- Target: Apple TV
- Interface: VPN Client
If you want to send all traffic from a Virtual Network to the secondary WAN port, then create a Policy Based Route with the following options:
- Type: All Traffic
- Target: Select the Virtual Network name
- Interface: WAN2
Frequently Asked Questions
1. I have a TV but it does not support VPNs. Can I use Policy Based Routes to send the TV's traffic over the VPN?
Yes. First configure a VPN Client to a provider of your choice and then add a Traffic Route matching the TV. See the examples section for more information.
2. I am using a secondary failover WAN. Can I use Policy Based Routes to send traffic to this WAN port?
Yes. See the examples section for more information.