bidge
New Member
July 6, 2024
Question

Policy Base Routing not Returning Traffic


We are trying to set up a PBR to send specific traffic from one host to another host over an IPsec VPN instead of a metro-E link, but are having a return traffic issue. We have FortiGates at both ends of the tunnel and tried setting PBR in both. For the gateway, we are using the remote VPN IP and also have tried adding a static route at the same administrative distance with a lower metric (lower priority). Kind of stuck as to whether we are missing anything else needed for PBR to work and return traffic.

3 replies

AEK
SuperUser
July 6, 2024

Can you share the policy routes and routing tables (CLI) from both FortiGates? You may hide sensitive info like public IP addresses.

amrit
Staff & Editor
July 6, 2024

Please follow this article and make sure tunnel IDs are added to the IPsec tunnel interfaces.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-policy-routes-for-route-based-interface/ta-p/193376

rvillaroman
Staff & Editor
July 8, 2024

Hi @bidge,

On your setup, you have a FortiGate where you set the PBR and a static route with lower priority pointed to the VPN. If you have control over the VPN peer device, kindly create a specific route pointed to the VPN for return traffic. By using PBR, we can only manipulate outbound traffic; for inbound traffic, you need to set a more specific route pointed to the VPN on your VPN peer device. If there is no specific route set, it will send on the WAN or on the interface the default route points to.

Regards,
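The following is an added FortiOS CLI sketch illustrating the two replies above (tunnel interface addresses from amrit's linked article, and the return route on the peer from rvillaroman's reply). It is not configuration posted by bidge, amrit or rvillaroman; the interface names "port2", "to-siteB", "to-siteA", the tunnel addresses 10.255.255.1/2 and the host addresses 10.1.1.10 and 10.2.2.20 are constructed assumptions for the example.

```fortios
# Constructed example for the thread above; every name and address is an assumption.
# Site A: host 10.1.1.10 sits behind port2; "to-siteB" is the route-based IPsec tunnel.
# Site B: host 10.2.2.20 is the destination; "to-siteA" is the matching tunnel interface.

# --- Site A FortiGate ---
# Give the tunnel interface addresses (the "tunnel IDs" the linked article asks for).
# Without them the policy route has no reachable gateway on the tunnel.
config system interface
    edit "to-siteB"
        set ip 10.255.255.1 255.255.255.255
        set remote-ip 10.255.255.2 255.255.255.252
    next
end

# Policy route: only traffic from host A to host B is steered into the tunnel.
# The gateway is the far end's tunnel address; everything else that does not match
# keeps following the routing table (metro-E).
config router policy
    edit 1
        set input-device "port2"
        set src "10.1.1.10/255.255.255.255"
        set dst "10.2.2.20/255.255.255.255"
        set gateway 10.255.255.2
        set output-device "to-siteB"
    next
end

# --- Site B FortiGate ---
# This is the part rvillaroman's reply calls out: the policy route on site A cannot
# influence site B's forwarding decision. Without a more specific route here, replies
# to 10.1.1.10 follow site B's default or metro-E route and the session is asymmetric.
config system interface
    edit "to-siteA"
        set ip 10.255.255.2 255.255.255.255
        set remote-ip 10.255.255.1 255.255.255.252
    next
end

# Host route for the site A host via the tunnel (more specific than any metro-E
# route covering 10.1.1.0/24, so it wins the lookup for return traffic).
config router static
    edit 10
        set dst 10.1.1.10 255.255.255.255
        set device "to-siteA"
    next
end

# Read-only checks on each side:
#   get router info routing-table all        - the /32 toward the peer host should list the tunnel
#   diagnose firewall proute list            - the policy route is installed (site A)
#   diagnose sniffer packet any 'host 10.2.2.20' 4
#                                            - shows which interface carries each direction
```

Two points the example leaves out but a working deployment still needs: firewall policies on both FortiGates that permit the host pair on the tunnel interfaces in both directions (port2 to to-siteB at site A, to-siteA to the LAN port at site B), and, if the /32 static route at site B steers more of site B's traffic into the tunnel than intended, a mirrored policy route there (src 10.2.2.20, dst 10.1.1.10, output-device to-siteA) keeps the return path limited to the same host pair.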