Question
FG-originated traffic goes out the wrong interface while policy routing is configured
Hello, I have a FG50B with 3.0 MR4. Policy routing is configured and is working correctly. The problem I have is with traffic that is originated from the FG itself (pings, updates, DNS lookups). This article (http://kc.forticare.com/default.asp?id=815&Lang=1&SID=) seems to say that the static route with the lowest "ID" (edit value) is chosen to originate the FG's own traffic. But this does not work for me. Here are my static routes:

edit 1
    set device "wan2"
    set gateway x.x.141.105
next
edit 2
    set device "wan1"
    set gateway y.y.13.129
next

The output of a "get router info routing-table det":

S*      0.0.0.0/0 [10/0] via x.x.141.105, wan2
                  [10/0] via y.y.13.129, wan1

All this would seem to indicate that the FG's own traffic should go out of wan2, yet an "exec traceroute 209.85.135.104" gives:

traceroute to 209.85.135.104 (209.85.135.104), 32 hops max, 72 byte packets
 1  y.y.13.129     1 ms  1 ms  0 ms
 2  y.y.168.109    5 ms  4 ms  3 ms
 3  213.162.24.209 5 ms  4 ms  4 ms
 4  etc...

For info (even though the documentation says the FG's own traffic is not affected by policy routing), here are my policy routing rules:

edit 1
    set end-port 22
    set input-device "internal"
    set output-device "wan1"
    set protocol 6
    set start-port 22
next
edit 2
    set end-port 3389
    set input-device "internal"
    set output-device "wan1"
    set protocol 6
    set start-port 3389
next
edit 10
    set input-device "internal"
    set output-device "wan2"
next

Note: the last rule is number 10, so that I can add other rules before it without needing to move everything around. Any idea why this is happening? (Sorry for the overly long post, I have a problem condensing my point of view :) )

Murphy
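Added example (not part of the original post or of any Fortinet tool): a small Python script that parses the two outputs quoted above, the "get router info routing-table" default-route block and the "exec traceroute" first hop, and cross-checks them against the configured static routes. It reports whether the two default routes really are equal-cost paths (same distance and priority, so the routing table itself gives no tie-breaker), which static-route ID the traceroute's first hop actually matches, and which ID the "lowest ID" rule from the KB article would have picked. The sample text is constructed from the post, with the addresses masked exactly as the poster masked them, so gateways are compared as plain strings rather than parsed as IP addresses.

```python
import re

# Constructed from the post's quoted output (addresses masked as in the post).
ROUTING_TABLE = """\
S*      0.0.0.0/0 [10/0] via x.x.141.105, wan2
                  [10/0] via y.y.13.129, wan1
"""

TRACEROUTE = """\
traceroute to 209.85.135.104 (209.85.135.104), 32 hops max, 72 byte packets
 1  y.y.13.129     1 ms  1 ms  0 ms
 2  y.y.168.109    5 ms  4 ms  3 ms
 3  213.162.24.209 5 ms  4 ms  4 ms
"""

# Static routes from the post: edit ID -> (device, gateway).
STATIC_ROUTES = {1: ("wan2", "x.x.141.105"), 2: ("wan1", "y.y.13.129")}

# Matches "[distance/priority] via <gateway>, <device>" on a routing-table line.
PATH_RE = re.compile(r"\[(\d+)/(\d+)\]\s+via\s+(\S+),\s+(\S+)")


def parse_default_routes(text):
    """Return (distance, priority, gateway, device) for every path of 0.0.0.0/0.

    A new prefix starts at column 0; continuation paths are indented, so they
    belong to the prefix most recently seen.
    """
    paths = []
    in_default = False
    for line in text.splitlines():
        if line and not line[0].isspace():
            in_default = "0.0.0.0/0" in line
        if in_default:
            m = PATH_RE.search(line)
            if m:
                paths.append((int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)))
    return paths


def equal_cost_paths(paths):
    """True when several default paths share distance and priority (ECMP)."""
    return len(paths) > 1 and len({(d, p) for d, p, _, _ in paths}) == 1


def first_hop(text):
    """Gateway address reported as hop 1 of a traceroute, or None."""
    for line in text.splitlines():
        m = re.match(r"\s*1\s+(\S+)", line)
        if m:
            return m.group(1)
    return None


def route_used(hop, static_routes):
    """Static-route (ID, device) whose gateway matches the observed first hop."""
    for rid, (dev, gw) in static_routes.items():
        if gw == hop:
            return rid, dev
    return None


def lowest_id_route(static_routes):
    """(ID, device) the 'lowest edit ID wins' rule would select."""
    rid = min(static_routes)
    return rid, static_routes[rid][0]


def report():
    paths = parse_default_routes(ROUTING_TABLE)
    hop = first_hop(TRACEROUTE)
    return {
        "default_paths": paths,
        "ecmp": equal_cost_paths(paths),
        "first_hop": hop,
        "route_used": route_used(hop, STATIC_ROUTES),
        "lowest_id_route": lowest_id_route(STATIC_ROUTES),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Run against the post's data, the script shows two default paths with identical [10/0] cost, a first hop of y.y.13.129 that matches static route 2 (wan1), and route 1 (wan2) as the lowest-ID choice, which is exactly the mismatch the poster describes. Feeding it your own routing-table and traceroute output is a quick way to confirm which of two equal-cost default routes a box is really using for its own traffic before opening a support case.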
