Created on 04-12-2023 06:24 AM Edited on 05-11-2023 05:06 AM By Stephen_G
| Description | This article describes the behavior of FortiOS when auxiliary sessions or asymmetric routing coexist with policy-based routing in certain environments. |
| Scope | FortiGate v6.4.10, v7.0.1, v7.2.0 and v7.4.0. |
The main purpose of auxiliary sessions is to control the return traffic path.
More information regarding this setting can be found in the following public documentation:
In certain environments, network administrators need to enable auxiliary sessions in combination with policy-based routing (PBR).
Policy-based routing behaves differently depending on whether the auxiliary session setting is switched on, and two states are possible:
1) When 'auxiliary-session' is set to 'disabled', the return traffic always follows the originating interface. If PBR uses a different interface, the return traffic ignores the PBR.
2) When the 'auxiliary-session' is set to 'enabled', the return traffic will always respect PBR.
Similar behavior can also be seen when asymmetric routing is combined with policy-based routing.
More information regarding the asymmetric routing feature can be found in the following article:
3) When asymmetric routing is enabled, the return traffic will always respect PBR.
4) When asymmetric routing is disabled, the behavior is the same as in 1.
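The four states above map to two per-VDOM settings plus a policy route. The following is an added example, not taken from the original article or from Fortinet; the interface names, subnet, gateway and host address are hypothetical.

```fortios
# Constructed example: port2 is where reply traffic arrives, port3 is the
# interface the policy route prefers, 10.10.10.0/24 is the client subnet.
config router policy
    edit 1
        set input-device "port2"
        set dst "10.10.10.0/255.255.255.0"
        set gateway 192.0.2.1
        set output-device "port3"
    next
end

# States 1 and 2: auxiliary sessions.
#   disable -> return traffic follows the originating interface (PBR ignored)
#   enable  -> return traffic respects the policy route
config system settings
    set auxiliary-session enable
end

# States 3 and 4: asymmetric routing.
#   enable  -> return traffic respects the policy route
#   disable -> same behavior as state 1
config system settings
    set asymroute disable
end

# Confirm the policy route is installed.
diagnose firewall proute list

# Inspect a test session from a hypothetical client and check which
# interface and gateway the reply direction uses.
diagnose sys session filter clear
diagnose sys session filter src 10.10.10.50
diagnose sys session list
```

With asymroute enabled, FortiOS no longer performs full stateful inspection on asymmetrically routed traffic, so states 3 and 4 are a security trade-off as well as a routing choice.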