Match-groups provide a way to organize (group, name and prioritize) extended access-lists for policy based routing (PBR).
They are holders that associate an extended access-list ID number with a unique match-group ID (which corresponds to the match group name) and a group entry ID number. The group entry ID number defines the order in which you want the security device to process the match-group contents. You can assign multiple extended access-lists to the same match-group.
You need to create match groups for each direction that you decide packet traffic can go.
The match group table lists the sequence number, extended ACL name (ACL-EXT Name), and configuration options.
Once a match group is configured, a Remove option appears in the Configure column. Click Remove to permanently remove a match group entry.
1. Select the virtual router that you want associated with the match group from the drop-down list.
2. Click New.