FortiWAN How to set up routing rules for Tunnel Routing

Persistent Rules

Traffic that a persistent rule matches is transferred via a fixed tunnel (WAN link). Tunnel Routing transfers the first packet of a session through a tunnel chosen by the specified balancing algorithm. Persistent routing then marks that tunnel for the session, so that the subsequent packets of the session are transferred directly via the same tunnel (GRE-encapsulated with the source and destination addresses of the tunnel) without evaluation against routing rules or balancing algorithms, until the session disconnects or times out. For any new session that a persistent rule matches, only the first packet of the session is processed by the routing rules and balancing algorithms. Persistent routing therefore makes Tunnel Routing degenerate into traditional tunnel transmission (every packet of a session crosses one WAN link), which provides no load balancing and no fault tolerance for a single session; even so, multiple sessions (not packets) are still distributed over multiple WAN links (a similar concept to Auto Routing). Note that the "Fail-Over" field of a routing rule (or of the default rule) has no effect on sessions that are routed persistently to fixed tunnels: if the marked tunnel fails, the session is not moved to another tunnel.

Source: The source of the connection (see "Using the web UI").
Destination: The destination of the connection (see "Using the web UI").
Service: The TCP/UDP service type to be matched. The default is "Any". Administrators can select from the publicly known service types (e.g. FTP), or specify a protocol and port number of the TCP/UDP packet. To specify a range of port numbers, type the starting port number, a hyphen "-", and then the ending port number, e.g. "TCP@123-234" (see "Using the web UI").

So far, Routing Rules, the Default Rule and Persistent Rules have been introduced. Any packet handled by Tunnel Routing is first evaluated against the Persistent Rules. If a persistent rule matches and a tunnel has already been marked for the session (the tunnel the previous packets of the session were transferred through), the packet is transferred directly via that tunnel without evaluation against the Default Rule or the Routing Rules. Packets that no persistent rule matches, or for which no tunnel has been marked yet, are evaluated against the Default Rule first and then the Routing Rules; the first rule that matches is applied.
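To make that evaluation order concrete, the following Python model is an added example written for this page, not FortiWAN code. It walks packets through the persistent rules first, then the Default Rule and the Routing Rules in the order given above, marks a tunnel per session on the first packet of a persistent match, and shows that a marked session stays on its tunnel even when that tunnel is down and the rule's Fail-Over setting would otherwise skip it. The rule fields follow the Source / Destination / Service description above, including the "TCP@123-234" port-range syntax; the tunnel names, the round-robin balancer, the treatment of Fail-Over as "skip failed tunnels when balancing" and the sample packets are simplifications constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import cycle


def parse_service(spec: str) -> tuple:
    """Parse a Service field: "Any", "TCP@22" or a range such as "TCP@123-234".

    Returns (protocol or None for any, low_port, high_port).
    """
    if spec.strip().lower() == "any":
        return (None, 0, 65535)
    proto, sep, ports = spec.partition("@")
    if not sep or not ports:
        raise ValueError(f"service must be PROTO@PORT or PROTO@START-END: {spec!r}")
    low, _, high = ports.partition("-")
    lo = int(low)
    hi = int(high) if high else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range in {spec!r}")
    return (proto.strip().upper(), lo, hi)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

    def flow(self) -> tuple:
        """5-tuple identifying the session this packet belongs to."""
        return (self.src, self.dst, self.proto.upper(), self.sport, self.dport)


@dataclass(frozen=True)
class Rule:
    source: str              # CIDR
    destination: str         # CIDR
    service: str = "Any"     # e.g. "TCP@123-234"
    tunnels: tuple = ()      # tunnel group the balancing algorithm chooses from
    fail_over: bool = False  # assumed semantics: skip failed tunnels when balancing

    def matches(self, pkt: Packet) -> bool:
        proto, lo, hi = parse_service(self.service)
        return (ip_address(pkt.src) in ip_network(self.source)
                and ip_address(pkt.dst) in ip_network(self.destination)
                and (proto is None or proto == pkt.proto.upper())
                and lo <= pkt.dport <= hi)


class TunnelRouter:
    def __init__(self, persistent, default, routing):
        self.persistent = list(persistent)
        self.ordered = [default] + list(routing)  # Default Rule first, then Routing Rules
        self.marked = {}      # flow 5-tuple -> tunnel fixed for the session
        self.down = set()     # tunnels currently failed (constructed health state)
        self._balancers = {}

    def balance(self, rule: Rule):
        """Round-robin over the rule's tunnel group (a constructed balancing algorithm)."""
        rr = self._balancers.setdefault(id(rule), cycle(rule.tunnels))
        for _ in rule.tunnels:
            tun = next(rr)
            if not rule.fail_over or tun not in self.down:
                return tun
        return None  # fail-over on and every tunnel in the group is down

    def route(self, pkt: Packet):
        key = pkt.flow()
        for rule in self.persistent:
            if rule.matches(pkt):
                if key in self.marked:
                    # Marked session: no rule or balancer evaluation, and Fail-Over
                    # is not consulted, so the packet stays on the tunnel even if down.
                    return self.marked[key], "persistent:marked"
                tun = self.balance(rule)  # first packet only: balance, then mark
                if tun is not None:
                    self.marked[key] = tun
                return tun, "persistent:first-packet"
        for rule in self.ordered:
            if rule.matches(pkt):
                return self.balance(rule), "per-packet"  # balanced on every packet
        return None, "no-match"

    def session_closed(self, pkt: Packet) -> None:
        """Session disconnect or timeout releases the marked tunnel."""
        self.marked.pop(pkt.flow(), None)
```

Feeding the same SSH session's packets through `route()` twice returns the tunnel chosen by the balancer on the first packet and the marked tunnel (with no balancing) on the second; adding that tunnel to `down` does not move the session, while packets that hit the fail-over-enabled default rule are steered away from the failed tunnel.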

See also

Tunnel Routing

How the Tunnel Routing Works

Tunnel Routing – Setting

Tunnel Routing – Benchmark

Scenarios

This entry was posted in Administration Guides, FortiWAN.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
