- Internal user networks are in 10.0.0.0/24
- Internal server networks are in 10.100.100.0/24
- All internet access (ports 80, 443, 21) is routed to a transparent proxy at 10.100.100.254
First we define two access lists: one for the traffic exempted from PBR and one for the traffic redirected to the transparent proxy.
acl number 2000 name PBR-Traffic-Exemption
 rule 10 permit ip destination 10.100.100.0 0.0.0.255
acl number 2001 name PBR-to-Transparent-Proxy
 rule 10 permit tcp destination-port eq 21
 rule 15 permit tcp destination-port eq 80
 rule 20 permit tcp destination-port eq 443
Create the PBR configuration with these ACLs included
policy-based-route PBR-Transparent-Proxy deny node 10
 if-match acl 2000
 quit
policy-based-route PBR-Transparent-Proxy permit node 20
 if-match acl 2001
 apply ip-address next-hop 10.100.100.254
 quit
Apply the PBR configuration on the desired interface
interface Vlan-interface 100
 ip policy-based-route PBR-Transparent-Proxy
To inspect and verify the PBR configuration on the device:
# Check the PBR configuration
<HP-WAN-TEST-RTR-3020>display policy-based-route
Policy based routing configuration information:
policy-based-route : PBR-Transparent-Proxy
Node 10 deny :
if-match acl 2000
Node 20 permit :
if-match acl 2001
apply ip-address next-hop 10.100.100.254
# Confirm the PBR applied on the interface
<HP-WAN-TEST-RTR-3020>display ip policy-based-route setup interface vlan 100
Interface Vlan-interface100 policy based routing configuration information:
policy-based-route : PBR-Transparent-Proxy
Node 10 deny :
if-match acl 2000
Node 20 permit :
if-match acl 2001
apply ip-address next-hop 10.100.100.254
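To check which flows this policy sends through the proxy and which bypass it, the node logic can be modelled offline. The following is an added example, not part of the original configuration or any HP tooling: it assumes first-match evaluation in ascending node order (a deny node hands the packet back to normal routing), and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# ACLs from the post as (protocol, destination network, destination port); None = any.
ACLS = {
    2000: [("ip", ipaddress.ip_network("10.100.100.0/24"), None)],
    2001: [("tcp", None, 21), ("tcp", None, 80), ("tcp", None, 443)],
}

# Policy nodes in ascending order: (node id, mode, ACL number, next hop).
POLICY = [
    (10, "deny", 2000, None),
    (20, "permit", 2001, "10.100.100.254"),
]


def acl_matches(acl, proto, dst, dport):
    """Return True if any permit rule of the ACL matches the packet."""
    for r_proto, r_net, r_port in ACLS[acl]:
        if r_proto not in ("ip", proto):
            continue
        if r_net is not None and ipaddress.ip_address(dst) not in r_net:
            continue
        if r_port is not None and r_port != dport:
            continue
        return True
    return False


def pbr_decision(proto, dst, dport=None):
    """Return (node, next_hop); next_hop None means normal routing-table forwarding."""
    for node, mode, acl, next_hop in POLICY:
        if acl_matches(acl, proto, dst, dport):
            # First matching node wins: deny skips PBR, permit applies the next hop.
            return (node, next_hop if mode == "permit" else None)
    return (None, None)  # no node matched, so the packet is routed normally


# Constructed sample flows (203.0.113.10 is a documentation address).
SAMPLES = [
    ("tcp", "203.0.113.10", 443),   # web traffic: redirected to the proxy
    ("tcp", "10.100.100.20", 80),   # internal server: exempt via node 10
    ("udp", "203.0.113.10", 443),   # UDP 443 is not in ACL 2001: bypasses the proxy
    ("tcp", "203.0.113.10", 8080),  # non-standard web port: bypasses the proxy
]

if __name__ == "__main__":
    for proto, dst, dport in SAMPLES:
        print(proto, dst, dport, "->", pbr_decision(proto, dst, dport))
```

The last two samples are the flows to cover with a firewall rule if all web traffic is expected to pass through the proxy.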
I hope this simple configuration will help someone.