
Configuring PBR

This section describes how to configure PBR using the web UI.

Prerequisites

  • The User, User Group, or Security Groups are configured.
  • The Service or Service Group is configured.
  • The Application or Application Group is configured.
  • A MAC address configured in the policy relies on the across-Layer-3 MAC identification function or on ARP entries learned by the firewall.
    • If the FW works at Layer 2 and directly connects to an intranet or connects to a Layer-2 switch, MAC addresses can serve as matching conditions.
    • If the FW works at Layer 3 and directly connects to an intranet or connects to a Layer-2 switch, MAC addresses can serve as matching conditions through ARP learning.
    • If the FW connects to an intranet through a Layer-3 network device, configure across-Layer-3 MAC identification on the FW and then use MAC addresses as matching conditions. For the description of across-Layer-3 MAC identification, see Across-Layer-3 MAC Identification.

Procedure

  1. Choose Network > Route > Intelligent Uplink Selection.
  2. Click the Intelligent Uplink Selection Policy tab and click Add in the Policy-based Route area.
  3. Set the name and description of the PBR rule.

    Parameter

    Description

    Name

    Enter a name for the PBR rule. The name must be unique.

    Description

    Configure a description for the PBR rule. The description must clearly indicate the function of each PBR rule for easy search and maintenance.

  4. Configure a tag for the policy.

    The tag identifies and categorizes the policy. You can query policies based on tags and delete, move, enable, or disable policies in batches based on the query results. For the tag description and configuration, see Tag.

  5. Set the matching conditions of the PBR rule.

    Parameter

    Description

    Type

    Set the type of the packet source. Select either of the two types:

    • Inbound Interface: identifies traffic based on the interface that receives the packet.
    • Source Zone: identifies traffic based on the source security zone.

    Inbound Interface

    Set the incoming interface as a matching condition of the PBR rule.

    NOTE:

    The interfaces that can be configured as inbound interfaces include Ethernet interfaces, Ethernet subinterfaces, Eth-Trunk interfaces, VLAN interfaces, virtual interfaces, Tunnel interfaces, and Dialer interfaces.

    Source Zone

    Set the source security zone as a matching condition of the PBR rule.

    Source Address

    Set the source IP address, MAC address, ISP address set or domain group as a matching condition of the PBR rule.

    NOTE:

    To exclude an address or address group (source address or source addresses of traffic) from rule matching, select the address or address group from the available address area, select it in the selected address area and click Invert, and then click OK.

    When an IP address corresponds to multiple domain names, an IP address can be used to search for a maximum of 16 domain names. If the domain name to be searched is not in the policy rule, the policy cannot be matched. You are advised to configure multiple domain names with the same IP address in the same policy rule.

    Destination Address

    Set the destination IP address, MAC address, ISP address set or domain group as a matching condition of the PBR rule.

    NOTE:

    To exclude an address or address group (destination address or destination addresses) from rule matching, select the address or address group from the available address area, select it in the selected address area and click Invert, and then click OK.

    When an IP address corresponds to multiple domain names, an IP address can be used to search for a maximum of 16 domain names. If the domain name to be searched is not in the policy rule, the policy cannot be matched. You are advised to configure multiple domain names with the same IP address in the same policy rule.

    User

    Set the user, user group or security group as a matching condition of the PBR rule.

    Service

    Set the service type as a matching condition of the PBR rule.

    For information about Service, see Service and Service Group.

    NOTE:

    To exclude a service or service group (service or service group of traffic) from rule matching, select the service or service group from the available service area, select it in the selected service area and click Invert, and then click OK.

    Application

    Set the application type as a matching condition of the PBR rule.

    You can reference an application label to control traffic that matches the label or reference software to control traffic that matches this type of software.

    For details on applications, application groups, and application labels, see Application and Application Group.

    NOTE:

    The FW supports fuzzy search, which helps you quickly find an application. To search for an application, perform the following steps:

    1. Click Multiple.
    2. Enter an application name or a part of the application name.
    3. Click . The application with the specified name appears in the drop-down list.
    4. Select the needed application name and add the application.

    Schedule

    Set the time range during which the PBR rule is applied.

    Policy rules can be used to divert traffic within the effective duration of PBR.

    DSCP Priority

    Set the DSCP value of a packet as a matching condition of the PBR rule.

  6. Set the action of the PBR rule.

    Parameter

    Description

    Action

    Set an action for packets matching the PBR rule. The following actions are available:

    • Forward: forwards packets matching the conditions based on the PBR rule.
    • Forward to Virtual System: forwards packets matching the conditions to other virtual systems based on the PBR rule.

    • Do Not Forward: forwards packets matching the conditions based on the routing table.
      NOTE:

      Do Not Forward applies to certain scenarios. For example, to implement PBR on subnet 10.1.1.0/24 except 10.1.1.2, configure a rule with a higher priority to implement Do Not Forward on 10.1.1.2 first and then another rule with a lower priority to implement Forward on subnet 10.1.1.0/24.
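The ordering in the NOTE above, as an added example that is not part of the original documentation: a simplified model that matches on source address only and checks rules from highest priority down, showing what happens when the two rules are swapped. The rule names and the interface name GE1/0/1 are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PbrRule:
    name: str                       # hypothetical rule name
    source: ipaddress.IPv4Network   # source-address matching condition
    action: str                     # "forward" or "do-not-forward"
    egress: Optional[str] = None    # hypothetical outbound interface


def evaluate(rules: List[PbrRule], src_ip: str) -> Tuple[Optional[str], str]:
    """Return (matched rule, decision). Rules are ordered highest priority first."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in rule.source:          # first match wins
            if rule.action == "forward":
                return rule.name, "pbr:" + str(rule.egress)
            return rule.name, "routing-table"   # Do Not Forward
    return None, "routing-table"         # no PBR rule matched


def shadowed_rules(rules: List[PbrRule]) -> List[Tuple[str, str]]:
    """List (rule, shadowing rule) pairs where an earlier rule already
    covers the whole source range, so the later rule can never match."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if later.source.subnet_of(earlier.source):
                findings.append((later.name, earlier.name))
                break
    return findings


# Constructed rule set from the NOTE: PBR for 10.1.1.0/24 except 10.1.1.2.
EXCEPTION = PbrRule("exclude-host", ipaddress.ip_network("10.1.1.2/32"),
                    "do-not-forward")
SUBNET = PbrRule("subnet-pbr", ipaddress.ip_network("10.1.1.0/24"),
                 "forward", "GE1/0/1")
CORRECT = [EXCEPTION, SUBNET]   # exception has the higher priority
SWAPPED = [SUBNET, EXCEPTION]   # misordered: exception is never reached

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("swapped", SWAPPED)):
        print(label, evaluate(rules, "10.1.1.2"), shadowed_rules(rules))
```

With the rules swapped, 10.1.1.2 is policy-routed like the rest of the subnet, and the shadow check reports the exception rule as unreachable.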

    Virtual System

    Specify the virtual system to which packets are forwarded by PBR.

    Egress Type

    The policy-based route supports one or more outbound interfaces.

    • Single

      If the next hop or outgoing interface is unreachable, the FW discards the packet. To enhance reliability, configure the FW to monitor the reachability of the next hop or destination IP address. If the next hop or destination IP address is unreachable, the FW looks up the routing table to avoid packet loss.

    • Multiple

      When the policy-based route has multiple outbound interfaces, you can configure intelligent uplink selection based on policy-based routes to select the optimal outbound interface. When multiple links are available to the destination network, the FW can select the outbound interface dynamically based on the specified link bandwidths, weights, priorities, or automatically detected link quality to improve user experience and maximize the usage of link bandwidths.

      NOTE:

      Intelligent uplink selection comprises intelligent uplink selection based on PBR and global route selection policy. The former resolves the link selection problem when multiple outbound interfaces are available for forwarding matched traffic. The latter resolves the link selection problem when equal-cost routes or default routes are available for forwarding matched traffic. Intelligent uplink selection based on PBR has the same mechanism as global route selection policy. For details on global route selection policy, see Understanding Global Route Selection Policy.

    • Single-egress configuration

      Parameter

      Description

      Outbound Interface

      Set the outgoing interface when Forward is selected.

      NOTE:
      • You must configure either the outgoing interface or the next hop or both.
      • A non-E2E interface, such as an Ethernet interface, may connect to multiple network devices. Therefore, if Outbound Interface is set to a non-E2E interface, Next Hop must be set to ensure that traffic passes through the correct route.

      Next Hop

      Set the next hop when Forward is selected.

      After configuring single-egress, you can use the monitoring function to check the reachability of the next hop or a certain destination IP address and determine whether to forward the packet according to the policy-based route on the basis of the link status.

      Parameter

      Description

      Reliability Detection

      Reliability detection mode:

      • Binding BFD

      • Binding IP-Link

      NOTE:

      A PBR rule can be associated with either IP-link or BFD.

      BFD Name

      BFD session name

      IP-Link Name

      IP-link name

    • Multi-egress configuration

      This section describes only the configurations of each intelligent uplink selection mode. For configurations of interfaces, see Configuring Global Route Selection Policies.

      Select a link selection mode from the Selection Mode drop-down list.

      • Selection Mode is Load balancing based on link bandwidth

        Parameter

        Description

        Health Check

        Specifies the health check. Select a health check object from the drop-down list or click Add Health Check to create a health check object.

        You can choose Object > Health Check and click Add to create health check objects in advance.

        Link quality detection depends on the health check. If more intelligent route selection is required based on the link delay, jitter, and packet loss rate, you need to specify Health Check and Link Quality Indicator in the route selection policy. Referencing the health check on a route selection member interface can detect only the connectivity of the interface link.

        Link Quality Indicator

        Specifies the link quality indicator. Select a link quality indicator from the drop-down list or click Add Link Quality Indicator to create a link quality indicator.

        You can choose Object > Link Quality Indicator and click Add to create link quality indicators in advance.

        Health Check and Link Quality Indicator should be configured at the same time.

        After Health Check and Link Quality Indicator are configured, the FW checks whether the link quality (delay, jitter, and packet loss rate) of the outbound interface meets the quality requirements of Link Quality Indicator in real time. Unqualified links are not allowed to participate in intelligent uplink selection.

        NOTE:

        If a member interface of intelligent uplink selection is not included in the outbound interfaces of the health check, the interface is not matched with the link quality indicators. That is, the interface is considered qualified by default.

        Sticky Session

        • Disable: disables the sticky session function.
        • Source IP Address: enables the sticky session function based on source IP addresses. In this mode, traffic from one source IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios sensitive to link switching.
        • Destination IP Address: enables the sticky session function based on destination IP addresses. In this mode, traffic to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to intelligent uplink selection scenarios based on link quality.
        • Source IP & Destination IP Address: enables the sticky session function based on source and destination IP addresses. In this mode, traffic from one source IP address or network segment to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios where the traffic rate often reaches the interface bandwidth. Enabling the sticky session function in such a scenario has slight impacts on link load sharing calculation.

        With this function enabled, after traffic selects a link for the first time, the FW generates a corresponding sticky session entry. If the subsequent traffic matches the entry, the FW forwards the traffic through the outgoing interface recorded in the entry. In this manner, traffic of one user can be forwarded through one interface.

        NOTICE:

        After the sticky session function is disabled or the sticky session mode is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Source Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Source IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Source IP Address, the FW creates a sticky session entry based on the source IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the source IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the source subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Destination Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Destination IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Destination IP Address, the FW creates a sticky session entry based on the destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the destination IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the destination IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the destination subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.
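The sticky session behavior described in the Sticky Session, Source Subnet Mask Bits, and Destination Subnet Mask Bits rows, as an added example that is not part of the original documentation: a model of the entry table keyed by policy ID and masked addresses, including the flush on a mode or mask change. The class, the mode strings, the link names, and the round-robin selector standing in for the FW's link selection are all assumptions.

```python
import ipaddress
import itertools

MODES = ("disable", "source", "destination", "source-destination")


class StickyTable:
    """Sticky session entries of one intelligent uplink selection policy."""

    def __init__(self, policy_id, mode, src_bits=32, dst_bits=32):
        if mode not in MODES:
            raise ValueError("unknown sticky session mode: " + mode)
        self.policy_id = policy_id
        self.mode = mode
        self.src_bits = src_bits    # Source Subnet Mask Bits
        self.dst_bits = dst_bits    # Destination Subnet Mask Bits
        self.entries = {}           # key -> outgoing interface

    def _key(self, src, dst):
        # Addresses are reduced to their network segment before lookup, so
        # hosts in the same segment share one entry.
        key = [self.policy_id]
        if self.mode in ("source", "source-destination"):
            key.append(ipaddress.ip_network(f"{src}/{self.src_bits}", strict=False))
        if self.mode in ("destination", "source-destination"):
            key.append(ipaddress.ip_network(f"{dst}/{self.dst_bits}", strict=False))
        return tuple(key)

    def forward(self, src, dst, select_link):
        """Return the outgoing interface for a flow, creating an entry on first use."""
        if self.mode == "disable":
            return select_link()
        key = self._key(src, dst)
        if key not in self.entries:
            self.entries[key] = select_link()   # first selection is recorded
        return self.entries[key]

    def reconfigure(self, mode=None, src_bits=None, dst_bits=None):
        """Apply new settings; any change deletes all entries. Returns the count flushed."""
        old = (self.mode, self.src_bits, self.dst_bits)
        new = (self.mode if mode is None else mode,
               self.src_bits if src_bits is None else src_bits,
               self.dst_bits if dst_bits is None else dst_bits)
        if new[0] not in MODES:
            raise ValueError("unknown sticky session mode: " + new[0])
        self.mode, self.src_bits, self.dst_bits = new
        if new == old:
            return 0
        flushed = len(self.entries)
        self.entries.clear()
        return flushed


def demo():
    # Constructed traffic; the round-robin selector is a stand-in only.
    links = itertools.cycle(["WAN1", "WAN2", "WAN3"])
    pick = lambda: next(links)
    table = StickyTable(policy_id=1, mode="source", src_bits=24)
    result = {
        "first": table.forward("10.1.1.10", "198.51.100.5", pick),
        "same_segment": table.forward("10.1.1.200", "203.0.113.9", pick),
        "other_segment": table.forward("10.1.2.10", "198.51.100.5", pick),
    }
    result["flushed"] = table.reconfigure(src_bits=16)   # mask length change
    result["after_flush"] = table.forward("10.1.1.10", "198.51.100.5", pick)
    result["widened"] = table.forward("10.1.2.10", "198.51.100.5", pick)
    return result


if __name__ == "__main__":
    print(demo())
```

After the mask change, the host that had been pinned to WAN1 is re-selected onto a different link, which is the switchover the NOTICE warns about.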

        WAN Interface/Carrier/Interface Group

        Intelligent uplink selection member interface.

        After you click Add, you can select member interfaces from the drop-down list. The member interfaces can be single interfaces, common interface groups, and ISP interface groups. An interface group is a collection of one or more intelligent uplink selection member interfaces. Interface groups cannot be nested. That is, multiple interface groups cannot form a new interface group.

        Overload Protection Threshold

        Bandwidth usage of the link.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Incoming

        Inbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Outgoing

        Outbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

      • Selection Mode is Load balancing based on link quality

        Parameter

        Description

        Link quality indicators

        When you set the link selection mode to load balancing by link quality, you can set one or more link quality parameters to evaluate the link quality. The FW supports three link quality parameters:
        • Packet loss ratio: Packet loss ratio is the default link quality parameter. After sending multiple probe packets, the FW counts the number of dropped packets and calculates the packet loss ratio. The packet loss ratio is the number of reply packets divided by the number of probe packets. Packet loss ratio is a decisive parameter to evaluate link quality.

        • Delay: The delay is the reply receiving time minus the probe sending time. The average delay of the N probe packets sent by the FW is the final delay.

        • Jitter: Jitter is the absolute value of the difference between two adjacent probe delays. The average jitter of the N probe packets sent by the FW is the final jitter.

        Detection Times

        Number of link quality detection times.

        Detection Interval

        Interval at which link quality detection is performed.

        Destination Subnet Mask Bits

        Mask length of link quality detection.

        Sticky Session

        • Disable: disables the sticky session function.
        • Source IP Address: enables the sticky session function based on source IP addresses. In this mode, traffic from one source IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios sensitive to link switching.
        • Destination IP Address: enables the sticky session function based on destination IP addresses. In this mode, traffic to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to intelligent uplink selection scenarios based on link quality.
        • Source IP & Destination IP Address: enables the sticky session function based on source and destination IP addresses. In this mode, traffic from one source IP address or network segment to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios where the traffic rate often reaches the interface bandwidth. Enabling the sticky session function in such a scenario has slight impacts on link load sharing calculation.

        With this function enabled, after traffic selects a link for the first time, the FW generates a corresponding sticky session entry. If the subsequent traffic matches the entry, the FW forwards the traffic through the outgoing interface recorded in the entry. In this manner, traffic of one user can be forwarded through one interface.

        NOTICE:

        After the sticky session function is disabled or the sticky session mode is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Source Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Source IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Source IP Address, the FW creates a sticky session entry based on the source IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the source IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the source subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Destination Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Destination IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Destination IP Address, the FW creates a sticky session entry based on the destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the destination IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the destination IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the destination subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Protocol

        Protocol for health check. Different protocols are used in different probe modes.

        • Simple TCP: Indicates that TCP packets are used to check network connectivity. A link is considered available upon the reply to the first detection packet by the destination device, not completion of the three-way handshake.

        • ICMP: Sends ICMP probe packets.

        WAN Interface/Carrier/Interface Group

        Intelligent uplink selection member interface.

        After you click Add, you can select member interfaces from the drop-down list. The member interfaces can be single interfaces, common interface groups, and ISP interface groups. An interface group is a collection of one or more intelligent uplink selection member interfaces. Interface groups cannot be nested. That is, multiple interface groups cannot form a new interface group.

        Overload Protection Threshold

        Bandwidth usage of the link.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Incoming

        Inbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Outgoing

        Outbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

      • Selection Mode is Load balancing based on link weights

        Parameter

        Description

        Health Check

        Specifies the health check. Select a health check object from the drop-down list or click Add Health Check to create a health check object.

        You can choose Object > Health Check and click Add to create health check objects in advance.

        Link quality detection depends on the health check. If more intelligent route selection is required based on the link delay, jitter, and packet loss rate, you need to specify Health Check and Link Quality Indicator in the route selection policy. Referencing the health check on a route selection member interface can detect only the connectivity of the interface link.

        Link Quality Indicator

        Specifies the link quality indicator. Select a link quality indicator from the drop-down list or click Add Link Quality Indicator to create a link quality indicator.

        You can choose Object > Link Quality Indicator and click Add to create link quality indicators in advance.

        Health Check and Link Quality Indicator should be configured at the same time.

        After Health Check and Link Quality Indicator are configured, the FW checks whether the link quality (delay, jitter, and packet loss rate) of the outbound interface meets the quality requirements of Link Quality Indicator in real time. Unqualified links are not allowed to participate in intelligent uplink selection.

        NOTE:

        If a member interface of intelligent uplink selection is not included in the outbound interfaces of the health check, the interface is not matched with the link quality indicators. That is, the interface is considered qualified by default.

        Sticky Session

        • Disable: disables the sticky session function.
        • Source IP Address: enables the sticky session function based on source IP addresses. In this mode, traffic from one source IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios sensitive to link switching.
        • Destination IP Address: enables the sticky session function based on destination IP addresses. In this mode, traffic to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to intelligent uplink selection scenarios based on link quality.
        • Source IP & Destination IP Address: enables the sticky session function based on source and destination IP addresses. In this mode, traffic from one source IP address or network segment to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios where the traffic rate often reaches the interface bandwidth. Enabling the sticky session function in such a scenario has slight impacts on link load sharing calculation.

        With this function enabled, after traffic selects a link for the first time, the FW generates a corresponding sticky session entry. If the subsequent traffic matches the entry, the FW forwards the traffic through the outgoing interface recorded in the entry. In this manner, traffic of one user can be forwarded through one interface.

        NOTICE:

        After the sticky session function is disabled or the sticky session mode is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Source Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Source IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Source IP Address, the FW creates a sticky session entry based on the source IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the source IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the source subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Destination Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Destination IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Destination IP Address, the FW creates a sticky session entry based on the destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the destination IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the destination IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the destination subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        WAN Interface/Carrier/Interface Group

        Intelligent uplink selection member interface.

        After you click Add, you can select member interfaces from the drop-down list. The member interfaces can be single interfaces, common interface groups, and ISP interface groups. An interface group is a collection of one or more intelligent uplink selection member interfaces. Interface groups cannot be nested. That is, multiple interface groups cannot form a new interface group.

        Overload Protection Threshold

        Bandwidth usage of the link.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Incoming

        Inbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Outgoing

        Outbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Weight

        Weight of the member interface.

        In intelligent uplink selection, the FW forwards traffic to different links based on the link weight ratio. Therefore, the link with a larger weight forwards more traffic, and the link with a smaller weight forwards less traffic.

      • Selection Mode is Active/standby backup based on link priorities

        Parameter

        Description

        Health Check

        Specifies the health check object. Select a health check object from the drop-down list or click Add Health Check to create one.

        You can choose Object > Health Check and click Add to create health check objects in advance.

        Link quality detection depends on the health check. If more intelligent route selection is required based on the link delay, jitter, and packet loss rate, you need to specify Health Check and Link Quality Indicator in the route selection policy. Referencing the health check on a route selection member interface can detect only the connectivity of the interface link.

        Link Quality Indicator

        Specifies the link quality indicator. Select a link quality indicator from the drop-down list or click Add Link Quality Indicator to create one.

        You can choose Object > Link Quality Indicator and click Add to create link quality indicators in advance.

        Health Check and Link Quality Indicator should be configured at the same time.

        After Health Check and Link Quality Indicator are configured, the FW checks whether the link quality (delay, jitter, and packet loss rate) of the outbound interface meets the quality requirements of Link Quality Indicator in real time. Unqualified links are not allowed to participate in intelligent uplink selection.

        NOTE:

        If a member interface of intelligent uplink selection is not included in the outbound interfaces of the health check, the interface is not matched with the link quality indicators. That is, the interface is considered qualified by default.

        Sticky Session

        • Disable: disables the sticky session function.
        • Source IP Address: enables the sticky session function based on source IP addresses. In this mode, traffic from one source IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios sensitive to link switching.
        • Destination IP Address: enables the sticky session function based on destination IP addresses. In this mode, traffic to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to intelligent uplink selection scenarios based on link quality.
        • Source IP & Destination IP Address: enables the sticky session function based on source and destination IP addresses. In this mode, traffic from one source IP address or network segment to one destination IP address or network segment is forwarded through one outgoing interface. This mode applies to scenarios where the traffic rate often reaches the interface bandwidth. Enabling the sticky session function in such a scenario has slight impacts on link load sharing calculation.

        With this function enabled, after traffic selects a link for the first time, the FW generates a corresponding sticky session entry. If the subsequent traffic matches the entry, the FW forwards the traffic through the outgoing interface recorded in the entry. In this manner, traffic of one user can be forwarded through one interface.

        NOTICE:

        After the sticky session function is disabled or the sticky session mode is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Source Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Source IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Source IP Address, the FW creates a sticky session entry based on the source IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the source IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the source subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        Destination Subnet Mask Bits

        This parameter must be configured when the sticky session mode is Destination IP Address or Source IP & Destination IP Address.
        • When the sticky session mode is Destination IP Address, the FW creates a sticky session entry based on the destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the destination IP address of subsequent traffic matching the same intelligent uplink selection policy is in the same network segment as the destination IP address recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        • When the sticky session mode is Source IP & Destination IP Address, the FW creates a sticky session entry based on the source IP address, destination IP address, outgoing interface, and matched intelligent uplink selection policy ID in a session. If the source and destination IP addresses of subsequent traffic matching the same intelligent uplink selection policy are in the same network segment as the source and destination IP addresses recorded in the sticky session entry, the FW forwards the traffic through the outgoing interface in the entry.

        NOTICE:

        If the destination subnet mask length is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution.

        WAN Interface/Carrier/Interface Group

        Intelligent uplink selection member interface.

        After you click Add, you can select member interfaces from the drop-down list. The member interfaces can be single interfaces, common interface groups, and ISP interface groups. An interface group is a collection of one or more intelligent uplink selection member interfaces. Interface groups cannot be nested. That is, multiple interface groups cannot form a new interface group.

        Overload Protection Threshold

        Bandwidth usage of the link.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Incoming

        Inbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Outgoing

        Outbound overload protection threshold.

        This parameter is unavailable here. It must be configured when you configure the interface.

        Priority

        Priority of the member interface.

        A larger priority value indicates a higher priority.
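
The sticky session behaviour described in the table above can be modelled in a few lines. This is an added illustration, not Huawei code: the class, the mode strings, the interface names WAN1/WAN2 and the round-robin link picker (a stand-in for the FW's own link selection) are all assumptions, and the addresses are constructed samples.

```python
import ipaddress
from itertools import cycle


class StickySessionTable:
    """Simplified model: entries are keyed by policy ID and masked address(es)."""

    def __init__(self, policy_id, mode, src_bits=32, dst_bits=32):
        self.policy_id = policy_id
        self.mode = mode            # "disable", "src", "dst" or "src-dst" (assumed names)
        self.src_bits = src_bits    # Source Subnet Mask Bits
        self.dst_bits = dst_bits    # Destination Subnet Mask Bits
        self.entries = {}           # key -> outgoing interface

    @staticmethod
    def _segment(ip, bits):
        return ipaddress.ip_network(f"{ip}/{bits}", strict=False)

    def _key(self, src, dst):
        s = self._segment(src, self.src_bits) if "src" in self.mode else None
        d = self._segment(dst, self.dst_bits) if "dst" in self.mode else None
        return (self.policy_id, s, d)

    def forward(self, src, dst, select_link):
        if self.mode == "disable":
            return select_link()
        key = self._key(src, dst)
        if key not in self.entries:          # first packet of this segment selects a link
            self.entries[key] = select_link()
        return self.entries[key]             # later traffic reuses the recorded interface

    def reconfigure(self, mode=None, src_bits=None, dst_bits=None):
        new = (mode or self.mode,
               self.src_bits if src_bits is None else src_bits,
               self.dst_bits if dst_bits is None else dst_bits)
        if new != (self.mode, self.src_bits, self.dst_bits):
            self.mode, self.src_bits, self.dst_bits = new
            self.entries.clear()             # mode or mask change deletes every entry


def demo():
    links = cycle(["WAN1", "WAN2"])          # stand-in for the FW's link selection
    pick = lambda: next(links)
    t = StickySessionTable(policy_id=1, mode="src", src_bits=24)
    out = [t.forward("10.1.1.10", "198.51.100.5", pick),   # new 10.1.1.0/24 entry
           t.forward("10.1.1.77", "203.0.113.9", pick),    # same /24, same interface
           t.forward("10.1.2.10", "198.51.100.5", pick)]   # new 10.1.2.0/24 entry
    t.reconfigure(src_bits=16)                              # mask change flushes the table
    out.append(t.forward("10.1.2.10", "198.51.100.5", pick))  # link is selected again
    out.append(t.forward("10.1.1.10", "198.51.100.5", pick))  # now shares the /16 entry
    return out, len(t.entries)
```

In the model, host 10.1.2.10 moves from WAN2 to WAN1 after the mask length changes, which is the link switchover the NOTICE entries warn about.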

Follow-up Procedure

If the policy-based route has multiple outbound interfaces and Selection Mode is set to Load balancing based on link quality, you can view the quality of each link in the link quality check table.

  1. Choose Network > Route > Intelligent Uplink Selection.

  2. On the Link Quality Check Table tab, click Refresh to view the latest information.

Copyright © Huawei Technologies Co., Ltd.