Fortinet 100 user manual Configuring the routing table, Policy routing

Configuring the routing table

The routing table shows the destination IP address and mask of each route you add as well as the gateways and devices added to the route. The routing table also displays the gateway connection status. A green check mark indicates that the FortiGate unit has used the ping server and dead gateway detection to determine that it can connect to the gateway; a red X means that a connection cannot be established. A blue question mark means that the connection status is unknown. For more information, see “Adding a ping server to an interface” on page 111, and

The FortiGate unit assigns routes by searching for a match starting at the top of the routing table and moving down until it finds the first match. You must arrange routes in the routing table from more specific to more general. The default route is the most general route. If you add a default route, it should be at the bottom of the routing table.

1Go to System > Network > Routing Table.

2Choose a route to move and select Move to to change its order in the routing table.

3Type a number in the Move to field to specify where in the routing table to move the route and select OK.

4Select Delete to remove a route from the routing table.

Figure 3: Routing table

Policy routing

Policy routing extends the functions of destination routing. Using policy routing you can route traffic based not only the destination address but also on:

•Source address

•Protocol, service type, or port range

•Incoming or source interface

Using policy routing you can build a routing policy database (RPDB) that selects the appropriate route for traffic by executing a set of routing rules. To select a route for traffic the FortiGate unit matches the traffic with the policy routes added to the RPDB starting at the top of the list. The first policy route to match the traffic is used to set the route for the traffic. The route supplies the next hop gateway as well as the FortiGate interface to be used by the traffic.

Packets are matched with policy routes before they are matched with destination routes. If a packet does not match a policy route it is routed using destination routes.