Hot!Policy Based Routing

Author
Gabana
New Member
  • Total Posts : 13
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/01/30 23:24:29
  • Status: offline
2018/05/20 01:36:39 (permalink)
0

Policy Based Routing

hello all
 
does policy based routing work on the interface of the firewall ?
for example if we need to accept connection to an interface on the firewall and then send it back to the next hop on that interface (not the default route on the other interface)
can we use PBR here ?
#1

4 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 1675
    • Scores: 139
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Policy Based Routing 2018/05/20 22:01:45 (permalink)
    0
    You still need to have a route for the destination toward the interface the PBR is pointing to. PBR picks one out of multiple routing options based on other factors such as source interface, addresses, protocaol, etc.
    #2
    Gabana
    New Member
    • Total Posts : 13
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/01/30 23:24:29
    • Status: offline
    Re: Policy Based Routing 2018/05/20 22:04:37 (permalink)
    0
    so you mean can we use PBR or not ?
    #3
    Toshi Esumi
    Expert Member
    • Total Posts : 1675
    • Scores: 139
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Policy Based Routing 2018/05/20 22:12:28 (permalink)
    0
    Depending on how you configure. See the example at KB below. This FGT has two static default routes with different priority. The PBR re-direct a specific outbound traffic toward the low priority interface/ISP.
    http://kb.fortinet.com/kb/viewContent.do?externalId=FD31240
     
    #4
    j.a.m.e.s
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/09/22 04:47:24
    • Status: offline
    Re: Policy Based Routing 2019/09/22 05:36:59 (permalink)
    0
    Toshi,
    Are you saying that in order to use PBR on Fortigate, you need to match a PBR policy as well as matching a RIB entry with the DST IP header of the ingress packet? I found this in the Fortigate handbook:
     
    In fact, the FortiGate almost always requires a matching route in the routing table in order to use a policy route.
     
    This seems like a shame. I would ideally like to say "all packets received on IF X should route to IF Y" and vice versa. I would like to do this across 20 - 30 vdoms and not have to set up route peerings for each one.
     
    Regards
     
    James.
     
     
     
    #5
    Jump to:
    © 2019 APG vNext Commercial Version 5.5