Policy routing

Policy routing enables you to redirect traffic away from a static route. This can be useful if you want to route certain types of network traffic differently. You can use incoming traffic’s protocol, source address or interface, destination address, or port number to determine where to send the traffic. For example, generally network traffic would go to the router of a subnet, but you might want to direct SMTP or POP3 traffic directly to the mail server on that subnet.

If you have configured the FortiGate unit with routing policies and a packet arrives at the FortiGate unit, the FortiGate unit starts at the top of the Policy Route list and attempts to match the packet with a policy. If a match is found and the policy contains enough information to route the packet (a minimum of the IP address of the next-hop router and the FortiGate interface for forwarding packets to it), the FortiGate unit routes the packet using the information in the policy. If no policy route matches the packet, the FortiGate unit routes the packet using the routing table.

Most policy settings are optional, and a matching policy alone might not provide enough information for forwarding the packet. In fact, the FortiGate almost always requires a matching route in the routing table in order to use a policy route. The FortiGate unit will refer to the routing table in an attempt to match the information in the packet header with a route in the routing table.

Policy route options define which attributes of an incoming packet cause policy routing to occur. If the attributes of a packet match all the specified conditions, the FortiGate unit routes the packet through the specified interface to the specified gateway.
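The lookup order described above, as an added example that is not FortiOS code: a simplified Python model of top-down, first-match policy routing with fallback to the routing table. The interface names, addresses, and the rule that a matched but incomplete policy falls back to the routing table are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    in_iface: str
    proto: int          # IP protocol number (6 = TCP)
    src: str
    dst: str
    dport: int

@dataclass
class PolicyRoute:
    # A match field left as None is "not specified" and matches any packet.
    in_iface: Optional[str] = None
    proto: Optional[int] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    ports: Optional[range] = None
    out_iface: Optional[str] = None
    gateway: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        ip, net = ipaddress.ip_address, ipaddress.ip_network
        return ((self.in_iface is None or self.in_iface == p.in_iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.src is None or ip(p.src) in net(self.src))
                and (self.dst is None or ip(p.dst) in net(self.dst))
                and (self.ports is None or p.dport in self.ports))

def route(p, policies, table):
    """Return (decided_by, out_iface, gateway) for packet p."""
    for pr in policies:                       # start at the top of the list
        if pr.matches(p):                     # every specified condition holds
            if pr.out_iface and pr.gateway:   # enough information to forward
                return ("policy", pr.out_iface, pr.gateway)
            break                             # model assumption: incomplete match falls back
    # Routing table fallback: longest-prefix match on (prefix, out_iface, gateway).
    hits = [r for r in table if ipaddress.ip_address(p.dst) in ipaddress.ip_network(r[0])]
    best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)
    return ("table", best[1], best[2]) if best else ("none", None, None)

# Constructed sample data: SMTP (25) and POP3 (110) go straight to the mail server.
POLICIES = [PolicyRoute("port1", 6, None, "10.0.2.0/24", range(p, p + 1), "port2", "10.0.2.25")
            for p in (25, 110)]
TABLE = [("0.0.0.0/0", "wan1", "192.0.2.1"), ("10.0.2.0/24", "port2", "10.0.2.1")]
```

Because evaluation stops at the first match, a broad policy placed above a narrow one shadows it, which is why the position of each entry in the list matters when reviewing a configuration.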

To view policy routes, go to Router > Static > Policy Routes.

Create New      Add a policy route. See Adding a policy route on page 272.

Edit            Edit the selected policy route.

Delete          Delete the selected policy route.

Move To         Move the selected policy route. Enter the new position and select OK. For more information, see Moving a policy route on page 274.

#               The ID numbers of configured route policies. These numbers are sequential unless policies have been moved within the table.

Incoming        The interfaces on which packets subjected to route policies are received.

Outgoing        The interfaces through which policy routed packets are routed.

Source          The IP source addresses and network masks that cause policy routing to occur.

Destination     The IP destination addresses and network masks that cause policy routing to occur.
