Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

MendSa
New Contributor

Policy Routing Question

Hi All,

Do you have any way to know if a policy route (PBR) is being used? Something like a hitcount ...or some counter that tells me when it was last used?
Regards!

------------------------------
Mendes Sa


------------------------------
5 REPLIES 5
DeepKuma2
Contributor

Hi,
As per my knowledge, there is no such way but you can use the sniffer trace for a real-time trace to any packet. You will get an idea.

------------------------------
Deepak Kumar
First Option General Trading LLC
Dubai
------------------------------
Deepak Kumar First Option General Trading LLC Dubai
Deepak Kumar First Option General Trading LLC Dubai
MendSa

My problem is that I have a legacy firewall with many PBRs. I wanted to disable them. Using the sniffer can take a long time to validate all the PBRs. So I thought I could have some statistical indicator of use of these PBRs.
Anyway, thanks for the help.
Regards!

------------------------------
Mendes [LastName] [Designation]
Analyst
[CompanyName]
[City] [State]
[Phone]
------------------------------
PC
New Contributor III

Thinking outside the box. What if you made sure the policy bases routes would use a rule if hit. You could then use the rule counters. For example if a policy based rule applied to 192.168.5.5 to 8.8.8.8 you make a rule to apply only to that traffic.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD33786



------------------------------
Peter [LastName] [Designation]
Enterprise Engineer, Networking
[CompanyName]
[City] [State]
[Phone]
------------------------------
KirtAnto
New Contributor II

You can verify and confirm by checking the routing table and debug.

FGT # get router info routing-table all
You can see the routes added for you policy route.

FGT # diagnose sniffer packet any "host <ip address>" 4
or is services are involved the you can use
FGT # diagnose sniffer packet any "host 10.160.0.10 or port 80 or port 53" 4
Regards, Kirthy
Regards, Kirthy
KirtAnto
New Contributor II

Please check out the below link for full details.
https://kb.fortinet.com/kb/viewContent.do?externalId=FD31240
Regards, Kirthy
Regards, Kirthy
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.