Network configuration

Policy routing

The gateway added to a policy route must also be added to a destination route. When the FortiGate unit matches packets with a route in the RPDB, the FortiGate unit looks in the destination routing table for the gateway that was added to the policy route. If a match is found, the FortiGate routes the packet using the matched destination route. If a match is not found, the FortiGate routes the packet using normal routing.

To find a route with a matching gateway, the FortiGate unit starts at the top of the destination routing table and searches until it finds the first matching destination route. This matched route is used to route the packet.
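
The lookup described above, modelled in Python as an added example (not code from this guide or from Fortinet). The class names, function names and addresses are constructed for illustration; policy matching is simplified to source and destination networks, and the first matching policy route is assumed to be the one used. It lists policy routes whose gateway has no destination route, since those packets fall back to normal routing instead of taking the intended path.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PolicyRoute:            # simplified model: source/destination match only
    src: str
    dst: str
    gateway: str

@dataclass(frozen=True)
class DestRoute:              # one entry of the destination routing table
    dst: str
    gateway: str

def find_gateway_route(policy, dest_table):
    """Search top-down; the first destination route with the same gateway wins."""
    gw = ip_address(policy.gateway)
    for route in dest_table:
        if ip_address(route.gateway) == gw:
            return route
    return None

def resolve(src_ip, dst_ip, policies, dest_table):
    """Return ('policy', DestRoute) or ('normal', None) for one packet."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for p in policies:
        if src in ip_network(p.src) and dst in ip_network(p.dst):
            route = find_gateway_route(p, dest_table)
            return ("policy", route) if route else ("normal", None)
    return ("normal", None)

def unbacked_policies(policies, dest_table):
    """Policy routes whose gateway is missing from the destination table."""
    return [p for p in policies if find_gateway_route(p, dest_table) is None]

# Constructed sample data (private and documentation address ranges).
DEST_TABLE = [
    DestRoute("0.0.0.0/0", "192.0.2.1"),
    DestRoute("10.20.0.0/16", "192.0.2.254"),
    DestRoute("10.30.0.0/16", "192.0.2.254"),   # same gateway, lower in the table
]
POLICIES = [
    PolicyRoute("192.168.1.0/24", "0.0.0.0/0", "192.0.2.254"),
    PolicyRoute("192.168.2.0/24", "0.0.0.0/0", "192.0.2.77"),  # no destination route
]

if __name__ == "__main__":
    for p in unbacked_policies(POLICIES, DEST_TABLE):
        print(f"{p.src} -> {p.dst} via {p.gateway}: falls back to normal routing")
```
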

Policy routing command syntax

Configure policy routing using the following CLI command.

set system route policy <route_int> src <source_ip> <source_mask> iifname <source-interface_name> dst <destination_ip> <destination_mask> oifname <destination-interface_name> protocol <protocol_int> port <low-port_int> <high-port_int> gw <gateway_ip>

Complete policy routing command syntax is described in the FortiGate CLI Reference Guide.

Providing DHCP services to your internal network

If the FortiGate unit is operating in NAT/Route mode, you can configure it to be the DHCP server for your internal network:

1. Go to System > Network > DHCP.

2. Select Enable DHCP.

3. Configure DHCP server settings.

   Starting IP, Ending IP
      Enter Starting IP and Ending IP to configure the range of IP addresses that the FortiGate unit can assign to DHCP clients. The addresses must be addresses on your internal network.

   Netmask
      Enter the Netmask that the FortiGate unit assigns to the DHCP clients.

   Lease Duration
      Enter the interval in seconds after which a DHCP client must ask the DHCP server for a new address. The lease duration must be between 300 and 8000000 seconds.

   Domain
      Optionally enter the domain that the DHCP server assigns to the DHCP clients.

   DNS IP
      Enter the IP addresses of up to 3 DNS servers that the DHCP clients can use for looking up domain names.

   Default Route
      Enter the default route to be assigned to DHCP clients. The default route should be on the same subnet as the starting and ending IP addresses.

   WINS
      Add the IP addresses of one or two WINS servers to be assigned to DHCP clients.

   Exclusion Range
      Optionally enter up to 4 exclusion ranges of IP addresses within the starting IP and ending IP addresses that cannot be assigned to DHCP clients.

4. Select Apply.

5. Configure the IP network settings of the computers on your network to obtain an IP address automatically using DHCP.

FortiGate-100 Installation and Configuration Guide
