Example policy route
Configure the following policy route to send all FTP traffic received at port1 out the port10 interface and to a next hop router at IP address 172.20.120.23. To route FTP traffic set protocol to 6 (for TCP) and set both of the destination ports to 21, the FTP port.
Protocol 6
Incoming interface port1
Source address / mask 0.0.0.0/0.0.0.0
Destination address / mask 0.0.0.0/0.0.0.0
Destination Ports From 21 to 21
Type of Service bit pattern: 00 (hex) bit mask: 00 (hex)
Outgoing interface port10
Gateway Address 172.20.120.23
Type of Service
Type of service (TOS) is an 8-bit field in the IP header that enables you to determine how the IP datagram should be delivered, with such qualities as delay, priority, reliability, and minimum cost.
Each quality helps gateways determine the best way to route datagrams. A router maintains a ToS value for each route in its routing table. The lowest priority TOS is 0, the highest is 7 – when bits 3, 4, and 5 are all set to 1. The router tries to match the TOS of the datagram to the TOS on one of the possible routes to the destination. If there is no match, the datagram is sent over a zero TOS route.
Using increased quality may increase the cost of delivery because better performance may consume limited network resources. For more information, see RFC 791 and RFC 1349.
The role of each bit in the IP header TOS 8-bit field
|
bits 0, 1, 2 |
Precedence |
Some networks treat high precedence traffic as more important traffic. Pre- cedence should only be used within a network, and can be used differently in each network. Typically you do not care about these bits. |
|
bit 3 |
Delay |
When set to 1, this bit indicates low delay is a priority. This is useful for such services as VoIP where delays degrade the quality of the sound. |
|
bit 4 |
Throughput |
When set to 1, this bit indicates high throughput is a priority. This is useful for services that require lots of bandwidth such as video conferencing. |
|
bit 5 |
Reliability |
When set to 1, this bit indicates high reliability is a priority. This is useful when a service must always be available such as with DNS servers. |
|
bit 6 |
Cost |
When set to 1, this bit indicates low cost is a priority. Generally there is a higher delivery cost associated with enabling bits 3,4, or 5, and bit 6 indic- ates to use the lowest cost route. |
|
bit 7 |
Reserved for future use |
Not used at this time. |
For example, if you want to assign low delay, and high reliability, say for a VoIP application where delays are unacceptable, you would use a bit pattern of xxx1x1xx where an ‘x’ indicates that bit can be any value. Since all bits are not set, this is a good use for the bit mask; if the mask is set to 0x14, it will match any TOS packets that are set to low delay and high reliability.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!