The definition of interface tags in Advanced Routing and Forwarding (ARF) facilitates the use of virtual routers, which only use a part of the overall routing table. For inbound data packets from the WAN, the assignment of interfaces tags can be regulated in different ways:
- By using appropriate firewall rules that only capture data packets from particular remote sites, IP addresses or ports
- Via an explicit assignment of tags to remote sites.
This assignment of tags to the remote sites to separate ARF networks can also be conveniently used for packets received at the WAN-side (which by default contain Tag 0). Without controlling the assignment of tags explicitly with the firewall, the virtual router can be determined directly from the remote site or source route from the form of the interface tag. Inbound and outbound communication can thus be easily divided between virtual routers bidirectionally.
Note: The interface tags determined via the tag table can be overwritten with an appropriate entry in the firewall.
