akshaywaghm
New Member
February 1, 2025
Question

PBR

  • February 1, 2025
  • 3 replies
  • 1888 views

Hello everyone,

I’m currently facing an issue with the FG3501F Firewall. If anyone has encountered something similar, could you share the technical reason behind it?

Here’s the scenario:

We have two interfaces on the FortiGate firewall connected to the Server Farm—Port1 and Port8. The goal is to route internet traffic via a static route and intranet traffic via Policy-Based Routing (PBR). We’ve configured PBR for the /16 subnets toward Port1 for intranet traffic, while adding a static route for the same subnets towards Port8 for internet traffic. However, the firewall is not prioritizing the PBR, and *all traffic is routing through the static route instead*.

Any insights?

3 replies

dingjerry_FTNT
Staff
February 1, 2025

Hi @akshaywaghm,

I believe that you are asking why the traffic to the Server Farm is always through port1, not port8, right?

If yes, that's because, for PBR, FGT is matching the traffic with the source interface, destination address, and service. Once matched, it directs it to the destination interface.

The PBR policies with port1 and port8 must be very similar, except the destination interface: one is port1, the other is port8.

The one with port1 must be above the other one with port8. So it is always being matched first. And once matched, it will skip all the rest of the PBR policies.
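
A small model of the top-down, first-match evaluation described in the reply above, with a check for rules that can never be reached because an earlier rule covers them. This is an added example, not part of the original thread and not FortiOS code; the `PolicyRoute` fields, the `port3` source interface, the subnets, and the use of protocol 0 as "any" are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PolicyRoute:          # hypothetical model, not FortiOS syntax
    seq: int
    in_if: str              # source (incoming) interface
    dst: str                # destination subnet, CIDR
    proto: int              # IP protocol number, 0 = any (assumption)
    ports: tuple            # (low, high) destination ports
    out_if: str             # destination (outgoing) interface

def matches(r, in_if, dst_ip, proto, port):
    return (r.in_if == in_if
            and ip_address(dst_ip) in ip_network(r.dst)
            and r.proto in (0, proto)
            and r.ports[0] <= port <= r.ports[1])

def first_match(rules, in_if, dst_ip, proto, port):
    """Top-down evaluation: the first matching rule wins, the rest are skipped."""
    for r in rules:
        if matches(r, in_if, dst_ip, proto, port):
            return r
    return None   # no policy route matched

def covers(a, b):
    """True if every packet matched by b is also matched by a."""
    return (a.in_if == b.in_if
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.proto == 0 or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def shadowed(rules):
    """Return (later_seq, earlier_seq) pairs where the later rule can never be hit."""
    return [(b.seq, a.seq) for i, b in enumerate(rules)
            for a in rules[:i] if covers(a, b)]

# Constructed rule set: rules 1 and 2 are near-identical, only the outgoing interface differs.
RULES = [
    PolicyRoute(1, "port3", "10.20.0.0/16", 6, (1, 65535), "port1"),
    PolicyRoute(2, "port3", "10.20.0.0/16", 6, (443, 443), "port8"),
    PolicyRoute(3, "port3", "10.30.0.0/16", 0, (1, 65535), "port8"),
]

if __name__ == "__main__":
    print(first_match(RULES, "port3", "10.20.5.9", 6, 443).out_if)
    print(shadowed(RULES))
```
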

 

 

 

akshaywaghm
New Member
February 1, 2025

No, my concern is why the firewall is not prioritizing the PBR, and *all traffic is routing through the static route instead*.

dingjerry_FTNT
Staff
February 1, 2025

Hi @akshaywaghm,

Then you need to share the PBR configurations and share details about what the traffic is, including something like source address, destination address, source interface, destination interface, service (protocol and/or port), and so on.

And please share the routing table on FGT:

get router info routing-table all

LandryFinn
New Member
February 12, 2025

I also faced the same issue.

dingjerry_FTNT
Staff
February 12, 2025

Hi @LandryFinn,

Please share the PBR configurations and the details about the interesting traffic.

And please share the routing table on FGT:

get router info routing-table all