We did not manage to make it work.
In fact:
- we have a machine with 192.168.XX.1 as its IP
- our firewall has 192.168.XX.254 as its IP
- the Fortinet has 192.168.XX.250 as its IP. A PBR is configured to say: if a packet comes from 192.168.XX.0 and wants to go to "any", then send it to 192.168.XX.254. Quite simple.
Then, as you can guess, the returning packet goes directly from the firewall (.254) to the machine (.1), bypassing the Fortinet, which results in asymmetric routing.
UDP is used for telephony, so we also disabled SIP ALG on the Fortinet.
As we activated asymmetric routing on the Fortinet, all of that is OK for TCP.
But how can we get UDP to be OK as well?
On the 192.168.XX interface of the Fortinet we only have this rule, which is quite broad :)
What are we missing ?
Thanks for your help
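For readers landing on this thread: the two FortiGate settings the poster describes (asymmetric routing and SIP ALG disabled) plus the session checks that tell you which path a UDP flow actually took. This is an added example, not the poster's configuration; the interface name `port2` and the 192.168.XX.0/24 subnet are placeholders, and the CLI keywords are as of current FortiOS, so verify them against the firmware version in use.

```text
# --- Asymmetric routing: accept sessions whose reply never returns through
# --- the FortiGate (what the poster enabled). Per-VDOM setting.
config system settings
    set asymroute enable          # disables stateful RPF check for TCP/UDP
    set asymroute-icmp enable     # same for ICMP, or ping will break too
end

# --- SIP ALG: there are two SIP inspectors on a FortiGate and both need
# --- to be out of the way, or one of them will still rewrite/hold UDP 5060.
# 1) the kernel session helper: list it, then delete the 'sip' entry
show system session-helper        # look for:  set name sip / set port 5060
config system session-helper
    delete <index-of-the-sip-entry>   # placeholder: use the number shown above
end
# 2) the proxy/kernel SIP helper switch
config system settings
    set sip-helper disable
    set sip-nat-trace disable
end
# (Only on builds that expose it; default-voip-alg-mode chooses which
#  inspector a policy uses, so set it to the one you just switched off.)
config system settings
    set default-voip-alg-mode kernel-helper-based
end

# --- Checks: inspect the UDP sessions the FortiGate holds for this subnet.
diagnose sys session filter clear
diagnose sys session filter proto 17
diagnose sys session filter src 192.168.XX.1
diagnose sys session list
# In the output, 'state=' and 'helper=' tell you whether a session helper is
# still attached, and the 'orgin->sink' / 'reply' lines show on which
# interface the FortiGate expects the reply. A flow whose reply line is
# missing (because .254 answers .1 directly) is exactly the asymmetric case.
diagnose sys session filter clear
```

The point of the two-step SIP section is that `set sip-helper disable` alone leaves the `session-helper` table entry in place on many builds, so SIP over UDP keeps being inspected even though the ALG looks disabled in the GUI; checking `show system session-helper` first avoids chasing the wrong setting.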