FortiGate
subramanis
Staff
Article Id 270555
Description

 

This article discusses the configured policy route types in the policy route table.

 

Scope

 

FortiGate.

 

Solution

 

There are 3 types of policy routes displayed in the Policy Route Table (Regular policy route, ISDB route, and SD-WAN rules).

 

diagnose firewall proute list
list route policy info(vf=root):

id=1(0x01) dscp_tag=0xfc 0xfc flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5(port3) dport=0-65535 path(1) oif=3(port1) gwy=192.0.1.254
source(1): 0.0.0.0-255.255.255.255
destination(1): 0.0.0.0-255.255.255.255
hit_count=0 last_used=2023-08-26 10:06:57

 

This is a regular policy route (ID<65535).

 

id=2113929219(0x7e000003) static_route=3 dscp_tag=0xfc 0xfc flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=0(any) dport=1-65535 path(1) oif=3(port1) gwy=192.0.1.254
source wildcard(1): 0.0.0.0/0.0.0.0
destination wildcard(1): 0.0.0.0/0.0.0.0
internet service(1): Fortinet-FortiGuard(1245324,0,0,0,0)
hit_count=0 last_used=2023-08-26 10:06:31

 

This is an ISDB route (ID>65535 and no vwl_service field).

 

id=2130771969(0x7f010001) vwl_service=1(internet) vwl_mbr_seq=1 dscp_tag=0xfc 0xfc flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0(any) dport=1-65535 path(1) oif=4(port2)
source(1): 0.0.0.0-255.255.255.255
destination(1): 0.0.0.0-255.255.255.255
hit_count=1 last_used=2023-08-26 10:07:51

 

This is an SD-WAN rule (ID>65535 and the vwl_service field is present).
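
When auditing which entries steer traffic ahead of the routing table, the three rules above can be applied mechanically to saved output of diagnose firewall proute list. The following is an added example, not Fortinet code: the function names and the "unknown" label are assumptions, and the sample is the article's three entries abridged to the fields the parser reads.

```python
import re

# Constructed sample: the article's three entries, abridged to the fields used here.
SAMPLE = """\
list route policy info(vf=root):

id=1(0x01) dscp_tag=0xfc 0xfc flags=0x0 protocol=0 iif=5(port3) path(1) oif=3(port1) gwy=192.0.1.254
source(1): 0.0.0.0-255.255.255.255
destination(1): 0.0.0.0-255.255.255.255
hit_count=0 last_used=2023-08-26 10:06:57

id=2113929219(0x7e000003) static_route=3 dscp_tag=0xfc 0xfc iif=0(any) path(1) oif=3(port1) gwy=192.0.1.254
internet service(1): Fortinet-FortiGuard(1245324,0,0,0,0)
hit_count=0 last_used=2023-08-26 10:06:31

id=2130771969(0x7f010001) vwl_service=1(internet) vwl_mbr_seq=1 iif=0(any) path(1) oif=4(port2)
source(1): 0.0.0.0-255.255.255.255
hit_count=1 last_used=2023-08-26 10:07:51
"""

ENTRY_RE = re.compile(r"^id=(\d+)\(0x[0-9a-fA-F]+\)\s*(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")
HIT_RE = re.compile(r"^hit_count=(\d+)")

def classify(route_id, fields):
    """Apply the article's rules: ID range first, then presence of vwl_service."""
    if route_id < 65535:
        return "regular"
    if route_id > 65535:
        return "sdwan" if "vwl_service" in fields else "isdb"
    return "unknown"  # the article states no rule for ID == 65535

def parse_proute(text):
    """Return one dict per policy-route entry, in the order they were listed."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        head = ENTRY_RE.match(line)
        if head:
            rid, fields = int(head.group(1)), dict(FIELD_RE.findall(head.group(2)))
            entries.append({"id": rid, "type": classify(rid, fields), "fields": fields,
                            "internet_service": None, "hit_count": None})
        elif entries and line.startswith("internet service("):
            entries[-1]["internet_service"] = line.split(":", 1)[1].strip()
        elif entries and HIT_RE.match(line):
            entries[-1]["hit_count"] = int(HIT_RE.match(line).group(1))
    return entries

if __name__ == "__main__":
    for e in parse_proute(SAMPLE):
        print(e["id"], e["type"], e["fields"].get("oif"), e["fields"].get("gwy"), e["hit_count"])
```
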
