aionescu
Staff
Article Id 216373
Description This article describes how to configure the FortiGate so local-out IKE traffic matches the configured Policy Based Routing.
Scope FortiGate v6.4.9, v7.0.2 and v7.2.0.
Solution

There are cases when IKE local-out traffic needs to match a configured Policy-Based Routing.

Since v6.4.9, v7.0.2 and v7.2.0, a new per-VDOM option is available:

config system settings
    set ike-policy-route enable | disable
end

By default, ike-policy-route is disabled. When it is disabled, policy routes are not checked and the FortiGate only checks the routing table.

When it is enabled, the FortiGate checks the policy routes before the routing table when sending IKE packets. Note that for a PBR match, the firewall must have a valid route to the remote gateway.


More information about enabling policy route lookup for local-out IKE traffic:
Technical Tip: Enable policy route lookup for local-out IKE traffic

 

More information about Policy-Based Routing:

Policy routing