Adding a policy route
To add a policy route, go to Router > Static > Policy Route and select Create New.
Protocol Enter the protocol number to match. The Internet Protocol Number is found in the IP packet header. RFC 5237 describes protocol numbers and you
can find a list of the assigned protocol numbers here. The range is from 0 to 255. A value of 0 disables the feature.
Commonly used Protocol settings include 6 for TCP sessions, 17 for UDP sessions, 1 for ICMP sessions, 47 for GRE sessions, and 92 for multicast sessions.
Incoming Interface Select the name of the interface through which incoming packets subjected to the policy are received.
Source Address / Mask To perform policy routing based on IP source address, type the source address and network mask to match. A value of 0.0.0.0/0.0.0.0 dis- ables the feature.
Destination Address / Mask
To perform policy routing based on the IP destination address of the packet, type the destination address and network mask to match. A value of 0.0.0.0/0.0.0.0 disables the feature.
Destination Ports To perform policy routing based on the port on which the packet is received, type the same port number in the From and To fields. To apply policy routing to a range of ports, type the starting port number in the From field and the ending port number in the To field. A value of 0 disables this feature.
The Destination Ports fields are only used for TCP and UDP protocols. The ports are skipped over for all other protocols.
Type of Service
Use a two digit hexadecimal bit pattern to match the service, or use a two digit hexadecimal bit mask to mask out. For more information, see Type of Service on page 273.
Outgoing Interface Select the name of the interface through which packets affected by the policy will be routed.
Gateway Address Type the IP address of the next-hop router that the FortiGate unit can access through the specified interface.