Policy routing – Fortinet FortiGate 50A User Manual
Page 103
Network configuration
Configuring routing
FortiGate-50A Installation and Configuration Guide
To configure the routing table
1 Go to System > Network > Routing Table.
2 Choose the route that you want to move and select Move to to change its order in the routing table.
3 Type a number in the Move to field to specify where in the routing table to move the route and select OK.
4 Select Delete to delete a route from the routing table.
Figure 9: Routing table
Policy routing
Policy routing extends the functions of destination routing. Using policy routing you
can route traffic based on the following:
• Destination address
• Source address
• Protocol, service type, or port range
• Incoming or source interface
Using policy routing you can build a routing policy database (RPDB) that selects the
appropriate route for traffic by applying a set of routing rules. To select a route for
traffic, the FortiGate unit matches the traffic with the policy routes added to the RPDB
starting at the top of the list. The first policy route that matches is used to set the route
for the traffic. The route supplies the next hop gateway as well as the FortiGate
interface to be used by the traffic.
Packets are matched with policy routes before they are matched with destination
routes. If a packet does not match a policy route, it is routed using destination routes.
The gateway added to a policy route must also be added to a destination route. When
the FortiGate unit matches packets with a route in the RPDB, the FortiGate unit looks
in the destination routing table for the gateway that was added to the policy route. If a
match is found, the FortiGate unit routes the packet using the matched destination
route. If a match is not found, the FortiGate unit routes the packet using normal
routing.
To find a route with a matching gateway, the FortiGate unit starts at the top of the
destination routing table and searches until it finds the first matching destination route.
This matched route is used to route the packet.
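The lookup order described above can be modelled in a few lines. This is an added example, not code from the FortiGate manual or firmware; the class and field names, the sample addresses, and the treatment of normal routing as a first match from the top of the table are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class PolicyRoute:          # one RPDB entry; field names are assumptions
    src: str
    dst: str
    proto: int              # IP protocol number, 0 = any
    ports: range            # destination port range
    in_if: str
    gateway: str

@dataclass
class DestRoute:            # one destination routing table entry
    dst: str
    gateway: str
    out_if: str

def policy_match(p, pkt):
    return (ip_address(pkt["src"]) in ip_network(p.src)
            and ip_address(pkt["dst"]) in ip_network(p.dst)
            and p.proto in (0, pkt["proto"])
            and pkt["dport"] in p.ports
            and pkt["in_if"] == p.in_if)

def select_route(pkt, rpdb, table):
    """Return (how, DestRoute) for pkt, following the lookup order in the text."""
    policy = next((p for p in rpdb if policy_match(p, pkt)), None)  # first match wins
    if policy:
        # Top-down search of the destination table for the policy route's gateway.
        via = next((r for r in table if r.gateway == policy.gateway), None)
        if via:
            return "policy", via
    # No policy match, or its gateway has no destination route: normal routing.
    # Assumption: normal routing is modelled as first match from the top of the table.
    normal = next((r for r in table if ip_address(pkt["dst"]) in ip_network(r.dst)), None)
    return "destination", normal

# Constructed sample configuration (documentation address ranges).
TABLE = [DestRoute("0.0.0.0/0", "192.0.2.1", "external"),
         DestRoute("198.51.100.0/24", "192.0.2.9", "external")]
RPDB = [PolicyRoute("10.0.1.0/24", "0.0.0.0/0", 6, range(80, 81), "internal", "192.0.2.9"),
        PolicyRoute("10.0.2.0/24", "0.0.0.0/0", 0, range(0, 65536), "internal", "192.0.2.77")]

if __name__ == "__main__":
    for src in ("10.0.1.5", "10.0.2.5", "10.0.3.5"):
        pkt = {"src": src, "dst": "203.0.113.10", "proto": 6, "dport": 80, "in_if": "internal"}
        how, route = select_route(pkt, RPDB, TABLE)
        print(src, how, route.gateway, route.out_if)
```

The second sample source (10.0.2.5) matches a policy route whose gateway has no destination route, so it falls back to normal routing and leaves through the default gateway. When reviewing a configuration, check that every policy route gateway also appears in the destination routing table.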