Policy routing enables you to redirect traffic away from a static route. This can be useful if you want to route certain types of network traffic differently. You can use incoming traffic’s protocol, source address or interface, destination address, or port number to determine where to send the traffic. For example, generally network traffic would go to the router of a subnet, but you might want to direct SMTP or POP3 traffic directly to the mail server on that subnet.
If you have configured the FortiGate unit with routing policies and a packet arrives at the FortiGate unit, the FortiGate unit starts at the top of the Policy Route list and attempts to match the packet with a policy. If a match is found and the policy contains enough information to route the packet (a minimum of the IP address of the next-hop router and the FortiGate interface for forwarding packets to it), the FortiGate unit routes the packet using the information in the policy. If no policy route matches the packet, the FortiGate unit routes the packet using the routing table.
Most policy settings are optional, and a matching policy alone might not provide enough information for forwarding the packet. In fact, the FortiGate almost always requires a matching route in the routing table in order to use a policy route. The FortiGate unit will refer to the routing table in an attempt to match the information in the packet header with a route in the routing table.
Policy route options define which attributes of an incoming packet cause policy routing to occur. If the attributes of a packet match all the specified conditions, the FortiGate unit routes the packet through the specified interface to the specified gateway.
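The evaluation order described above, as an added example (a simplified model written for this page, not FortiOS code). The interface names, addresses and the rule that an incomplete match defers to the routing table are assumptions; the requirement from the text that a policy route usually also needs a matching route in the routing table is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class PolicyRoute:
    pid: int
    in_if: Optional[str] = None     # None = any incoming interface
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[int] = None     # IP protocol number, 6 = TCP
    ports: Optional[tuple] = None   # inclusive destination port range
    gateway: Optional[str] = None   # next-hop router
    out_if: Optional[str] = None    # forwarding interface

    def matches(self, pkt):
        """True only if the packet meets every condition that is set."""
        addr, net = ipaddress.ip_address, ipaddress.ip_network
        return ((self.in_if is None or self.in_if == pkt["in_if"])
                and addr(pkt["src"]) in net(self.src)
                and addr(pkt["dst"]) in net(self.dst)
                and (self.proto is None or self.proto == pkt["proto"])
                and (self.ports is None
                     or self.ports[0] <= pkt["dport"] <= self.ports[1]))

def route(pkt, policies, table):
    """Return (decision source, gateway, outgoing interface)."""
    for p in policies:                      # top of the list first
        if p.matches(pkt):
            if p.gateway and p.out_if:      # enough information to forward
                return (f"policy {p.pid}", p.gateway, p.out_if)
            break   # assumption: an incomplete match defers to the table
    dst = ipaddress.ip_address(pkt["dst"])
    hits = [r for r in table if dst in ipaddress.ip_network(r[0])]
    if not hits:
        return ("no route", None, None)
    best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return ("routing table", best[1], best[2])   # longest-prefix match

# Constructed sample data: mail server 10.0.5.25, subnet router 10.0.5.1
POLICIES = [
    PolicyRoute(1, in_if="port1", dst="10.0.5.0/24", proto=6, ports=(25, 25),
                gateway="10.0.5.25", out_if="port3"),
    PolicyRoute(2, in_if="port2", dst="10.0.5.0/24"),   # no gateway set
]
TABLE = [("0.0.0.0/0", "192.0.2.1", "wan1"), ("10.0.5.0/24", "10.0.5.1", "port3")]
SMTP = {"in_if": "port1", "src": "198.51.100.7", "dst": "10.0.5.40",
        "proto": 6, "dport": 25}
```

Because the first match wins, a broad policy placed above a specific one shadows it, which is worth checking whenever policies are moved within the list.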
To view policy routes, go to Router > Static > Policy Routes.
Create New: Add a policy route. See Adding a policy route on page 272.
Edit: Edit the selected policy route.
Delete: Delete the selected policy route.
Move the selected policy route. Enter the new position and select OK. For more information, see Moving a policy route on page 274.
#: The ID numbers of configured route policies. These numbers are sequential unless policies have been moved within the table.
Incoming: The interfaces on which packets subjected to route policies are received.
Outgoing: The interfaces through which policy routed packets are routed.
Source: The IP source addresses and network masks that cause policy routing to occur.
Destination: The IP destination addresses and network masks that cause policy routing to occur.