Description | This article describes how a policy route behaves when there is a policy route configured with destination 0.0.0.0/0. |
Scope | FortiGate. |
Solution |
If a policy route is created with destination 0.0.0.0/0, all traffic is forwarded to that policy route's destination interface, including internal and VPN traffic.
If internal or VPN traffic should be routed to a different interface, fine-tune the policy routes by adding one with the specific destination towards the specific interface, and do the same for any other such traffic.
Below is an example with the 192.168.1.0/24 network, which is learned through port2. However, when the policy route is created with destination 0.0.0.0/0 towards port1, all traffic is routed through port1 because of the policy route.
kaon-kvm40 # get router info routing-table details 192.168.1.0
Routing table for VRF=0
Even though a route is available through port2, the traffic matches the policy route and is forwarded to port1.
A policy route is then created towards port2 for destination 192.168.1.0/24.
Because policy route ID 2, for destination 192.168.1.0/24 towards port2, is on top, the traffic is forwarded towards port2.
Similarly, for VPN traffic or any other internal traffic, create policy routes accordingly and fine-tune them by reordering the sequence. The policy route with destination 0.0.0.0/0 should always be at the bottom, and policy routes for specific destination networks should be placed above it.
For specific traffic that should not match the policy route, a new policy route can be configured on top with the option selected as 'Stop Policy Routing'.
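The ordering behaviour described above can be checked offline with a small model. This is an added example, not Fortinet code: it matches on destination only (real policy routes also match on incoming interface, source, protocol and ports), and the policy route IDs 1 and 3, the 10.10.10.0/24 network, port3, the default route and the test addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data. Only 192.168.1.0/24 via port2, the 0.0.0.0/0 policy
# route to port1 and policy route ID 2 come from the article; the rest is assumed.
ROUTING_TABLE = [("192.168.1.0/24", "port2"), ("10.10.10.0/24", "port3"),
                 ("0.0.0.0/0", "port1")]
CATCH_ALL = {"id": 1, "dst": "0.0.0.0/0", "action": "forward", "out": "port1"}
SPECIFIC = {"id": 2, "dst": "192.168.1.0/24", "action": "forward", "out": "port2"}
STOP = {"id": 3, "dst": "10.10.10.0/24", "action": "stop", "out": None}


def forward(dst, policy_routes, routing_table=ROUTING_TABLE):
    """Return (what decided, egress interface) for one destination IP."""
    ip = ipaddress.ip_address(dst)
    for pr in policy_routes:  # top-down, first match wins
        if ip in ipaddress.ip_network(pr["dst"]):
            if pr["action"] == "stop":  # 'Stop Policy Routing'
                break  # skip remaining policy routes, use the routing table
            return ("policy-route %d" % pr["id"], pr["out"])
    # Routing-table lookup: longest prefix match.
    hits = [(ipaddress.ip_network(n), dev) for n, dev in routing_table
            if ip in ipaddress.ip_network(n)]
    if not hits:
        return ("no-route", None)
    net, dev = max(hits, key=lambda h: h[0].prefixlen)
    return ("routing-table %s" % net, dev)


def shadowed(policy_routes):
    """IDs of policy routes that can never match: an entry above covers them."""
    ids = []
    for i, pr in enumerate(policy_routes):
        net = ipaddress.ip_network(pr["dst"])
        if any(net.subnet_of(ipaddress.ip_network(up["dst"]))
               for up in policy_routes[:i]):
            ids.append(pr["id"])
    return ids


if __name__ == "__main__":
    for name, order in [("catch-all on top", [CATCH_ALL, SPECIFIC, STOP]),
                        ("catch-all at bottom", [STOP, SPECIFIC, CATCH_ALL])]:
        print(name, "shadowed IDs:", shadowed(order))
        for dst in ("192.168.1.10", "10.10.10.5", "203.0.113.9"):
            print("  ", dst, "->", forward(dst, order))
```

A non-empty result from `shadowed()` on an exported policy route order is the condition the article warns about: a specific or 'Stop Policy Routing' entry sitting below the 0.0.0.0/0 entry has no effect.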
Copyright 2025 Fortinet, Inc. All Rights Reserved.