Is it possible to create a policy that does category based routing?
search cancel

Is it possible to create a policy that does category based routing?


Article ID: 166631


Updated On:


ProxySG Software - SGOS


Although this not a feature that is supported natively on the ProxySG, it is possible to apply web filtering category based routing to the policy.

For this example, we have a proxy installed (inline or explicit) that is connected to a routing device that has access to both ISPs. ISP-A is a high speed connection dedicated to mission critical traffic, and ISP-B is a slower connection that we want to use for recreational traffic.

The proxy's main IP address is, and the default gateway is the router at

(LAN) -> (Proxy) -> Router capable of doing source-based routing -> ISP A and B


The way we can do this is by using the "reflect client IP" feature for some of the connections, and then let the router decide which ISP to use based on source IP.


  1. Create a virtual IP address on the proxy ( for our example)
  2. Create a new web access layer, and set the destination to be the categories that you deem recreational
  3. Set the action for that rule to "Reflect IP", and pick the new IP address that you configured in Step-1 (
  4. Install the policy

Your router will now see traffic coming from 2 different IP addressed, (for connections that didn't match our rule, so mission critical traffic), and (for traffic that matched our recreational web filtering categories)

What you need to configure now, and this will vary depending in the router you use, is a source IP based route that should be something like this :

  • If the source is, the next hop is ISP-A's gateway address
  • If the source is, the next hop is ISP-B's gateway address


This is not a "cookie cutter" solution, you might need to make a few chances to it depending on your environment. Since category based routing is not a ProxySG feature yet, this is the only way to route traffic depending on category.


Contribution from nolan.rumble from