|
FortiGate is a stateful inspection firewall; by default, firewall features are enabled.
FortiGate supports various routing protocols including RIP, OSPF, BGP, and IS-IS. These protocols help in building a map of the network topology to identify the best routes to reach different destinations.
It is possible to use FortiGate as a Layer 3 router by enabling asymmetric routing.
config system settings
set asymroute enable
end
If VDOM is enabled on FortiGate, it is possible to enable Asymmetric routing in each VDOM:
config vdom
edit <vdom_name>
config system settings
set asymroute enable
end
end
Note:
FortiGate will still behave as a firewall blocking all traffic. To allow any traffic to cross the firewall as a router does a firewall policy will be needed between any interface to any interface allowing all traffic. The following firewall policy does that:
config firewall policy
edit 1
set name "allow_any_to_any"
set srcintf "any"
set dstintf "any"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
next
end
Related article:
Technical Tip: How the FortiGate behaves when asymmetric routing is enabled
|
