Policy routing examples

NAT/Route mode installation

 

 

Policy routing examples

Policy routing can be added to increase the control you have over how packets are routed. Policy routing works on top of destination-based routing. This means you should configure destination-based routing first and then build policy routing on top to increase the control provided by destination-based routing.

For example, if you have used destination-based routing to configure routing for dual internet connections, you can use policy routing to apply more control to which traffic is sent to which destination route. This section describes the following policy routing examples, based on topology similar to that shown in Figure 8 on page 50.

Differences are noted in each example.

The policy routes described in these examples only work if you have already defined destination routes similar to those described in the previous section.

Routing traffic from internal subnets to different external networks

Routing a service to an external network

For more information about policy routing, see “Policy routing” on page 118.

Routing traffic from internal subnets to different external networks

If the FortiGate unit provides internet access for multiple internal subnets, you can use policy routing to control the route that traffic from each network takes to the Internet. For example, if the internal network includes the subnets 192.168.10.0 and 192.168.20.0 you can enter the following policy routes:

1Enter the following command to route traffic from the 192.168.10.0 subnet to the 100.100.100.0 external network:

set system route policy 1 src 192.168.10.0 255.255.255.0 dst 100.100.100.0 255.255.255.0 gw 1.1.1.1

2Enter the following command to route traffic from the 192.168.20.0 subnet to the 200.200.200.0 external network:

set system route policy 2 src 192.168.20.0 255.255.255.0 dst 200.200.200.0 255.255.255.0 gw 2.2.2.1

Routing a service to an external network

You can use the following policy routes to direct all HTTP traffic (using port 80) to one external network and all other traffic to the other external network.

1Enter the following command to route all HTTP traffic using port 80 to the next hop gateway with IP address 1.1.1.1.

set system route policy 1 src 0.0.0.0 0.0.0.0 dst 0.0.0.0

0.0.0.0protocol 6 port 1 1000 gw 1.1.1.1

2Enter the following command to route all other traffic to the next hop gateway with IP address 2.2.2.1.

Set system route policy 2 src 0.0.0.0 0.0.0.0 dst 0.0.0.0

0.0.0.0gw 2.2.2.1

54

Fortinet Inc.

Page 54
Image 54
Fortinet 100 user manual Policy routing examples, Routing a service to an external network