esunarto
New Member
January 30, 2020
Question

Policy based routing

  • January 30, 2020
  • 2 replies
  • 5777 views

Let me preface this post by saying I'm a novice on FortiGate configuration, but I've been doing Cisco and MikroTik config for over a decade.

I'm trying to do a simple policy-based routing.

We have 2 gateways in our small office: 192.168.5.18 (FortiGate) and 192.168.5.1 (Cisco).

Test PC: 192.168.5.128

The default GW in the PC is the FortiGate (can't change this).

All I want to do is route all traffic from the PC to the internet via the Cisco.

It should be very simple; I'm attaching the screenshot.

When the policy is enabled, the PC can no longer access the internet, so something got blocked somewhere in the FortiGate.

I've done a packet capture on the Cisco and I don't see the traffic being forwarded from the FortiGate to the Cisco.

I've also added a policy (IPv4) to allow LAN to LAN (no NAT).

Still doesn't work.

Please help?

Thanks in advance.

    2 replies

    rwpatterson
    New Member
    January 30, 2020

    Not an answer, but a question. Why do you need a FortiGate AND a Cisco?

    esunarto (Author)
    New Member
    January 30, 2020

    Ultimately because I don't want to put all of my network basket into 1 vendor solution.

    But also because I have 2 ISPs and I'm far more comfortable with Cisco right now.

    I can't even figure out port forwarding in FortiGate. Might be related to the L2 limitations that Toshi_Esumi mentioned.

    Toshi_Esumi
    SuperUser
    January 30, 2020

    L2 design problem with a FW. I saw a similar post this month or last month in this forum. The PC's GW is the FGT, and the FGT's default route goes to the Cisco. That's the outgoing direction. But for returning, the Cisco sees the PC on the LAN and sends packets directly back to the PC. The FGT only sees one direction of the traffic, so it must be flagging the traffic as erroneous and blocking it. For L3 devices this is not a problem. But with a FW (an L4 and application-layer device) it's a problem.
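
The one-directional flow Toshi_Esumi describes can be made visible with a small model. The following Python is an added example, not FortiOS code and not the poster's configuration: it uses the three addresses from the thread (PC 192.168.5.128, FortiGate 192.168.5.18 as the PC's default gateway, Cisco 192.168.5.1), a constructed Internet host 203.0.113.10, and a hypothetical minimal stateful firewall that tracks the TCP handshake the way a session table does. The `path()` function encodes the topology from the posts: with the policy route the FortiGate hands the SYN to the Cisco, but the Cisco delivers the reply straight to the PC because the PC is on its own LAN, so the FortiGate sees the SYN and the final ACK but never the SYN-ACK in between.

```python
"""Hypothetical model of the asymmetric-routing failure Toshi_Esumi describes.

Added example: this is not FortiOS code and not the poster's configuration.
Addresses come from the thread: PC 192.168.5.128, FortiGate 192.168.5.18
(the PC's default gateway), Cisco 192.168.5.1 (the router that should carry
Internet traffic). SERVER is a constructed placeholder for an Internet host.
"""
from dataclasses import dataclass

PC, FGT, CISCO = "192.168.5.128", "192.168.5.18", "192.168.5.1"
SERVER = "203.0.113.10"  # constructed; any off-LAN address would do


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str  # "SYN", "SYN-ACK" or "ACK": enough to model the handshake


class StatefulFirewall:
    """Minimal L4 session tracker standing in for the FortiGate session table."""

    def __init__(self, asymroute=False):
        self.asymroute = asymroute  # tolerate sessions seen in one direction only
        self.sessions = {}          # frozenset({a, b}) -> handshake state
        self.seen = []              # every packet that crossed the firewall
        self.dropped = []           # packets rejected as out-of-state

    def inspect(self, pkt):
        """Return True if the packet is forwarded, False if it is dropped."""
        self.seen.append(pkt)
        key = frozenset({pkt.src, pkt.dst})
        state = self.sessions.get(key)
        if pkt.flags == "SYN" and state is None:
            self.sessions[key] = "SYN_SEEN"
            return True
        if pkt.flags == "SYN-ACK" and state == "SYN_SEEN":
            self.sessions[key] = "ESTABLISHED"
            return True
        if pkt.flags == "ACK" and state == "ESTABLISHED":
            return True
        # Out of order: the reply this packet acknowledges was never seen here.
        # A strict firewall drops it; one tolerating asymmetric routes lets it through.
        if self.asymroute and state is not None:
            self.sessions[key] = "ESTABLISHED"
            return True
        self.dropped.append(pkt)
        return False


def path(pkt, pbr_to_cisco):
    """Hops a packet passes through in the thread's topology."""
    outbound = pkt.src == PC
    if not pbr_to_cisco:
        # Without the policy route the FortiGate forwards on its own WAN link
        # and the reply comes back the same way: both directions cross the FGT.
        return [PC, FGT, SERVER] if outbound else [SERVER, FGT, PC]
    if outbound:
        return [PC, FGT, CISCO, SERVER]  # policy route hands the packet to the Cisco
    # The Cisco sees 192.168.5.128 on its own LAN and replies to it directly,
    # so the returning packet never touches the FortiGate.
    return [SERVER, CISCO, PC]


def run_handshake(pbr_to_cisco, asymroute=False):
    """Push a TCP three-way handshake through the topology.

    Returns (completed, firewall) so the caller can inspect what the FGT saw.
    """
    fw = StatefulFirewall(asymroute)
    handshake = [
        Packet(PC, SERVER, "SYN"),
        Packet(SERVER, PC, "SYN-ACK"),
        Packet(PC, SERVER, "ACK"),
    ]
    for pkt in handshake:
        for hop in path(pkt, pbr_to_cisco):
            if hop == FGT and not fw.inspect(pkt):
                return False, fw
    return True, fw


if __name__ == "__main__":
    for pbr, asym in [(False, False), (True, False), (True, True)]:
        ok, fw = run_handshake(pbr, asym)
        seen = [p.flags for p in fw.seen]
        print(f"PBR={pbr!s:5} asymroute={asym!s:5} FGT saw {seen} -> "
              f"{'connected' if ok else 'dropped ' + fw.dropped[0].flags}")
```

Running it shows the three cases side by side: without the policy route the FortiGate sees SYN, SYN-ACK and ACK and the connection completes; with the policy route it sees only SYN and ACK and drops the ACK as out-of-state, which matches the "no internet as soon as the policy is enabled" symptom; with the asymmetric-route tolerance switched on the ACK is accepted. FortiOS does have a per-VDOM knob for that last case (`set asymroute enable` under `config system settings`), but turning it on disables the very state checks the model shows for that traffic, so the design point Toshi_Esumi makes (no second router sitting beside the PC on the firewall's LAN) is the better fix.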

    esunarto (Author)
    New Member
    January 30, 2020

    Thanks for the reply. "Normal" routing within a subnet typically sends a reply to the PC saying "contact the Cisco instead", right? Is this the difference with policy-based routing?