Description | This article describes FortiGate's routing decision for outgoing and reply traffic. |
Scope | FortiGate, routing. |
Solution |
By design and by default, FortiGate performs two routing lookups:
Refer to the chart on: Technical Tip: Routing in FortiGate (route-lookup-process)
Note: After v6.4/v6.2.3, policy-routes are no longer checked if the dst-ip belongs to a directly connected subnet.
Reply direction:
Default settings { asymmetric routing disabled; auxiliary sessions disabled (per VDOM specific) }
Behavior in v6.4.x:
Behavior in v7.0.1 onwards:
Find an explanation example of SD-WAN auxiliary sessions: Technical Tip: SD-WAN/Auxiliary Sessions |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.