seshuganesh
Staff
Article Id 207930
Description

This article explains that policy routes will not work for FortiGate-initiated traffic.

Scope

FortiGate.
Solution

Policy routes are designed for forwarding traffic, not for local-out traffic.

Suppose a specific subnet has been configured to forward through a specific gateway using a policy route. Testing that policy route by initiating the traffic from the firewall itself will not work; the results will be unexpected.

This holds even if the source is set to the LAN interface IP of the firewall when pinging, using this command:

execute ping-options source 192.168.0.1 <----- If 192.168.0.1 is the LAN interface IP.

The traffic will not match the policy route, because it is still local-out traffic.


To test that policy routes are working, initiate the traffic from an internal machine, because policy routes are designed for forwarding traffic.
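The two tests side by side, as an added illustration that is not part of the original article. The interface names (port2, wan2), the gateway 203.0.113.1 and the test destination 198.51.100.10 are constructed values, and the lines starting with # are annotations.

```text
# Policy route (constructed values): traffic entering on the LAN interface
# from 192.168.0.0/24 is forwarded to gateway 203.0.113.1 out of wan2.
config router policy
    edit 1
        set input-device "port2"
        set src "192.168.0.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 203.0.113.1
        set output-device "wan2"
    next
end

# Confirm the policy route is present in the policy route table.
diagnose firewall proute list

# CLI session 1: sniff the test flow on all interfaces.
# Verbosity 4 prints the interface name for each packet.
diagnose sniffer packet any 'host 198.51.100.10 and icmp' 4

# CLI session 2, test A: ping from the FortiGate itself.
# This is local-out traffic, so the policy route is not matched,
# even with the LAN interface IP set as the source.
execute ping-options source 192.168.0.1
execute ping 198.51.100.10

# Test B: from a host inside 192.168.0.0/24 (not from the FortiGate CLI),
# ping 198.51.100.10. This is forwarded traffic, so it is the valid test
# of the policy route. Compare the egress interface the sniffer shows
# for test A and for test B.
```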


Related articles:

Technical Tip: Pinging out to Internet from local interface

Technical Tip: Unable to ping public servers (for testing) using ping-option source interface