Routing Based on Layer 7
-
Is there a way that I can route certain traffic, based on a layer 7 classification, out a certain interface/tunnel? Currently I can route certain traffic that is protocol and port specific out of an OpenVPN tunnel without issue (I believe that's called policy-based routing?) but for things that don't conform to certain ports, BitTorrent for example, I would like to be able to classify them based on their application layer and route them accordingly.
I've tinkered around with creating Layer 7 containers and changing the "Structure" and "Behaviour" settings, then trying to apply it to a LAN firewall rule, adjusting the "Layer7" and "Gateway" parameters. After reading a few posts I am now completely confused, now thinking the "Layer7" option in the firewall rule advanced section is for something completely different.
Is this possible to do? If it's not, is there a workaround that should work and would duplicate this functionality?
-
Not possible. The packets are already flowing upon a given path by the time L7 has a chance to classify the traffic. At that point it's impossible for it to re-route the connection since it's already established.
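
The ordering problem described in the answer above, as an added example that is not part of the original posts and is not the firewall's own code: a simplified model of a stateful policy router, in which the gateway is chosen when the first packet creates the state entry and the L7 label only becomes known once payload arrives. The gateway names, addresses and ports are constructed sample values.

```python
# Simplified model (an assumption, not the firewall's code): the gateway is
# chosen when the first packet of a flow creates its state entry.
from dataclasses import dataclass

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # first bytes of a BitTorrent peer handshake

@dataclass
class Packet:
    flow: tuple            # (src, sport, dst, dport, proto)
    payload: bytes = b""   # empty for SYN / bare ACK

@dataclass
class State:
    gateway: str
    l7_label: str = "unknown"
    seen: bytes = b""

class PolicyRouter:
    def __init__(self, port_rules, default_gw):
        self.port_rules = port_rules   # dport -> gateway (policy-based routing)
        self.default_gw = default_gw
        self.states = {}

    def handle(self, pkt):
        """Return (gateway used for this packet, L7 label known so far)."""
        st = self.states.get(pkt.flow)
        if st is None:
            # Routing decision: only L3/L4 headers exist at this point.
            gw = self.port_rules.get(pkt.flow[3], self.default_gw)
            st = self.states[pkt.flow] = State(gateway=gw)
        # L7 classification needs payload, which arrives after the TCP handshake.
        if st.l7_label == "unknown" and pkt.payload:
            st.seen += pkt.payload
            if st.seen.startswith(BT_HANDSHAKE):
                st.l7_label = "bittorrent"
        return st.gateway, st.l7_label

def trace(router, packets):
    return [router.handle(p) for p in packets]

# Constructed sample: port 443 is policy-routed; BitTorrent uses an arbitrary port.
router = PolicyRouter(port_rules={443: "OVPN_TUNNEL"}, default_gw="WAN")
bt_flow = ("192.168.1.10", 51000, "203.0.113.5", 40123, "tcp")
bt_trace = trace(router, [
    Packet(bt_flow),                               # SYN: state created, gateway fixed
    Packet(bt_flow),                               # ACK: still no payload
    Packet(bt_flow, BT_HANDSHAKE + bytes(48)),     # first data: label known too late
])
```

In `bt_trace` the flow is labelled `bittorrent` only on the third packet, while every packet, including that one, has already left via the gateway picked from the port rules on the first.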