Patent attributes
Some embodiments provide a method for configuring a gateway datapath that processes data messages between a logical network implemented in a datacenter and an external network. The method receives configuration data including security policy rules for a logical router implemented by the datapath that indicate whether to apply a security protocol to certain data messages transmitted from a particular interface of the logical router. The method identifies a particular security policy rule that applies to data messages that (i) have a destination address in a set of destination addresses and (ii) meet at least one additional criteria. The method generates a static route, for a routing table used by the datapath to implement the logical router, that routes data messages with destination addresses in the set of destination addresses to the particular interface. The datapath applies the security policy rules for data messages transmitted from the particular interface.