Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

MendSa
New Contributor

Policy Routing Question

Hi All,

Do you have any way to know if a policy route (PBR) is being used? Something like a hit count, or some counter that tells me when it was last used?
Regards!

------------------------------
Mendes Sa


------------------------------
5 REPLIES
DeepKuma2
Contributor

Hi,
As far as I know, there is no such way, but you can use the sniffer trace for a real-time trace of any packet. You will get an idea.

------------------------------
Deepak Kumar
First Option General Trading LLC
Dubai
------------------------------
MendSa

My problem is that I have a legacy firewall with many PBRs. I wanted to disable them. Using the sniffer can take a long time to validate all the PBRs. So I thought I could have some statistical indicator of use of these PBRs.
Anyway, thanks for the help.
Regards!

------------------------------
Mendes [LastName] [Designation]
Analyst
[CompanyName]
[City] [State]
[Phone]
------------------------------
PC
New Contributor III

Thinking outside the box. What if you made sure the policy-based routes would use a firewall rule if hit? You could then use the rule counters. For example, if a policy-based route applied to 192.168.5.5 to 8.8.8.8, you make a rule that applies only to that traffic.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD33786



------------------------------
Peter [LastName] [Designation]
Enterprise Engineer, Networking
[CompanyName]
[City] [State]
[Phone]
------------------------------
KirtAnto
New Contributor II

You can verify and confirm by checking the routing table and the debug.

FGT # get router info routing-table all
You can see the routes added for your policy route.

FGT # diagnose sniffer packet any "host <ip address>" 4
or, if services are involved, you can use
FGT # diagnose sniffer packet any "host 10.160.0.10 or port 80 or port 53" 4
Regards, Kirthy
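The sniffer commands above answer the question for one host at a time, but the original poster has many policy routes to audit. An added example (not from this thread or from Fortinet): a Python script that takes saved `diagnose sniffer packet any "..." 4` output and a list of policy routes, and turns it into the per-route hit counter the poster asked for. It uses only the egress ("out") copy of each packet, because that line carries the interface the firewall actually chose, and models policy routes as top-down, first-match on source and destination. The route list and the capture lines are constructed for the example; `input-device`, protocol and port selectors are not modeled, so extend `first_match` if your routes use them.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyRoute:
    seq: int                      # position in `config router policy` (evaluation order)
    src: ipaddress.IPv4Network    # `set src`
    dst: ipaddress.IPv4Network    # `set dst` (0.0.0.0/0 = any)
    output_device: str            # `set output-device`


# Hypothetical policy routes, in sequence order; not taken from any real firewall.
PBRS = [
    PolicyRoute(1, ipaddress.ip_network("192.168.5.0/24"), ipaddress.ip_network("8.8.8.0/24"), "wan2"),
    PolicyRoute(2, ipaddress.ip_network("10.160.0.0/24"), ipaddress.ip_network("0.0.0.0/0"), "wan1"),
    PolicyRoute(3, ipaddress.ip_network("172.16.0.0/16"), ipaddress.ip_network("0.0.0.0/0"), "wan2"),
]

# Constructed sample in the verbosity-4 sniffer format (timestamp, interface,
# direction, src[.port] -> dst[.port]: proto ...). Not a real capture.
SAMPLE_SNIFFER_OUTPUT = """\
interfaces=[any]
filters=[host 10.160.0.10 or host 192.168.5.5 or host 192.168.5.9]
1.234567 port1 in 192.168.5.5.51234 -> 8.8.8.8.53: udp 40
1.234890 wan2 out 192.168.5.5.51234 -> 8.8.8.8.53: udp 40
2.001234 port1 in 10.160.0.10.40001 -> 203.0.113.7.80: syn 1460
2.001500 wan1 out 10.160.0.10.40001 -> 203.0.113.7.80: syn 1460
3.100000 port1 in 192.168.5.5.51235 -> 8.8.4.4.53: udp 40
3.100200 wan1 out 192.168.5.5.51235 -> 8.8.4.4.53: udp 40
4.000100 port1 in 192.168.5.9 -> 8.8.8.8: icmp: echo request
4.000300 wan1 out 192.168.5.9 -> 8.8.8.8: icmp: echo request
"""

# Port suffix is optional so ICMP lines (no ports) parse as well.
_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?:\.(?P<dport>\d+))?:"
)


def parse_sniffer(text):
    """Yield (iface, direction, src_ip, dst_ip) per packet line; header lines are skipped."""
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            yield m["iface"], m["dir"], ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])


def first_match(pbrs, src, dst):
    """First policy route whose src/dst networks contain the packet, or None."""
    for pbr in pbrs:
        if src in pbr.src and dst in pbr.dst:
            return pbr
    return None


def count_hits(text, pbrs):
    """Per-route counters: 'hits' = left on the route's output device,
    'mismatch' = selector matched but the packet left on another interface
    (e.g. gateway down, so the firewall fell back to the routing table)."""
    stats = {p.seq: {"hits": 0, "mismatch": 0} for p in pbrs}
    unmatched = 0
    for iface, direction, src, dst in parse_sniffer(text):
        if direction != "out":
            continue  # only the egress copy shows which interface was chosen
        pbr = first_match(pbrs, src, dst)
        if pbr is None:
            unmatched += 1
        elif iface == pbr.output_device:
            stats[pbr.seq]["hits"] += 1
        else:
            stats[pbr.seq]["mismatch"] += 1
    return stats, unmatched


def unused_routes(stats):
    """Sequence numbers that saw no matching egress traffic at all in the capture."""
    return sorted(seq for seq, s in stats.items() if s["hits"] == 0 and s["mismatch"] == 0)


if __name__ == "__main__":
    stats, unmatched = count_hits(SAMPLE_SNIFFER_OUTPUT, PBRS)
    for seq, s in stats.items():
        print(f"policy route {seq}: hits={s['hits']} mismatch={s['mismatch']}")
    print(f"egress packets matching no policy route: {unmatched}")
    print(f"candidates for removal: {unused_routes(stats)}")
```

Treat a zero count as a reason to look harder, not as proof: a short capture misses periodic traffic such as backups, so capture over a representative window, and a non-zero mismatch count means the route is matching but not being honored, which is worth checking before you delete anything. Pairing this with the firewall-policy counter approach from the earlier reply gives a second, longer-running data point.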
KirtAnto
New Contributor II

Please check out the below link for full details.
https://kb.fortinet.com/kb/viewContent.do?externalId=FD31240
Regards, Kirthy