Policy routing

Adding a policy route

To add a policy route, go to Router > Static > Policy Route and select Create New.

Protocol  Enter the protocol number to match. The Internet Protocol Number is found in the IP packet header. RFC 5237 describes protocol numbers and you can find a list of the assigned protocol numbers here. The range is from 0 to 255. A value of 0 disables the feature.

Commonly used Protocol settings include 6 for TCP sessions, 17 for UDP sessions, 1 for ICMP sessions, 47 for GRE sessions, and 92 for multicast sessions.

Incoming Interface  Select the name of the interface through which incoming packets subjected to the policy are received.

Source Address / Mask  To perform policy routing based on IP source address, type the source address and network mask to match. A value of 0.0.0.0/0.0.0.0 disables the feature.

Destination Address / Mask  To perform policy routing based on the IP destination address of the packet, type the destination address and network mask to match. A value of 0.0.0.0/0.0.0.0 disables the feature.

Destination Ports  To perform policy routing based on the port on which the packet is received, type the same port number in the From and To fields. To apply policy routing to a range of ports, type the starting port number in the From field and the ending port number in the To field. A value of 0 disables this feature.

The Destination Ports fields are only used for TCP and UDP protocols. The ports are skipped over for all other protocols.

Type of Service  Use a two digit hexadecimal bit pattern to match the service, or use a two digit hexadecimal bit mask to mask out. For more information, see Type of Service on page 273.

Outgoing Interface  Select the name of the interface through which packets affected by the policy will be routed.

Gateway Address  Type the IP address of the next-hop router that the FortiGate unit can access through the specified interface.
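
The following Python model is an added example, not FortiOS code. It shows how the match fields above combine, including the wildcard values and the rule that ports are ignored for non-TCP/UDP traffic, so you can check which packets a planned policy route would steer. The class and function names, the sample addresses, and first-match ordering are assumptions of this sketch; Type of Service matching is left out.

```python
import ipaddress
from dataclasses import dataclass

PORT_PROTOCOLS = {6, 17}  # TCP and UDP: the only protocols where ports are checked

@dataclass
class PolicyRoute:
    """One policy route (hypothetical model); defaults are the 'disabled' values."""
    incoming_interface: str
    outgoing_interface: str
    gateway: str
    protocol: int = 0                      # 0 disables protocol matching
    source: str = "0.0.0.0/0.0.0.0"        # all-zero address/mask disables
    destination: str = "0.0.0.0/0.0.0.0"
    port_from: int = 0                     # 0 disables port matching
    port_to: int = 0

    def matches(self, iface, proto, src, dst, dport=None):
        if iface != self.incoming_interface:
            return False
        if self.protocol != 0 and proto != self.protocol:
            return False
        # ip_network accepts the address/netmask form used in the fields above.
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.source):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.destination):
            return False
        # Ports are skipped for anything other than TCP and UDP.
        if proto in PORT_PROTOCOLS and self.port_from != 0:
            if dport is None or not self.port_from <= dport <= self.port_to:
                return False
        return True

def select_route(routes, iface, proto, src, dst, dport=None):
    """Return (outgoing interface, gateway) of the first matching route, else None.
    First-match ordering is an assumption of this sketch."""
    for route in routes:
        if route.matches(iface, proto, src, dst, dport):
            return route.outgoing_interface, route.gateway
    return None

# Constructed sample: steer web traffic from one LAN subnet out a second WAN link.
ROUTES = [
    PolicyRoute("internal", "wan2", "203.0.113.1", protocol=6,
                source="10.0.1.0/255.255.255.0", port_from=80, port_to=443),
    PolicyRoute("internal", "wan1", "198.51.100.1", source="10.0.2.0/255.255.255.0"),
]
```

A route that sets Destination Ports but leaves Protocol at 0 still matches ICMP, GRE and other non-TCP/UDP packets from the same source, because the port fields are skipped for them; set Protocol explicitly when the intent is to steer only one service.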
