I think Fortigate policy-based routing works, but it must affect the network packet, because the other router can't understand that packet or send it anywhere. If you look at my test topology, I have two Fortigate devices and I just want to send some requests to SecondGW via FirstGW. FirstGW also sends the packet to SecondGW, but SecondGW drops or can't understand that packet if I use policy-based routing. The other way, I use the route system and send all traffic to SecondGW, and voilà, it works. So in my opinion Fortigate policy-based routing does not work. If anyone wants to try the same system, I will upload my config to the internet and paste the download link here.
I hope Fortigate fixes this problem in the future.
Policy Based Routing test
http://s8.dosya.tc/server2/sv28ym/PBR.zip.html
Routing test
http://s8.dosya.tc/server2/ymczh9/DefaultRouter.zip.html
Hello
It is not entirely clear to me. As I understand it, a client sends a packet to GW1 and GW1 needs to forward it to GW2, which forwards it further? The first things that occur to me:
What traffic is forwarded? Is it NATed from the outside IP of GW1 and then enters GW2? Or is the packet rerouted on the inside to be sent out of the other gateway?
My experience with (policy-based) routing configuration is that you always need to check if there is a path back to the originator. So routing for returning traffic should be in place.
There might be anti-spoofing issues (cannot determine now); you can check your log messages or do a debug flow filter trace.
I think you need to supply more information.
Kind regards,
Ralph Willemsen
Arnhem, Netherlands
Agreed, but better yet, is the destination you're trying to reach in the route table on gw2? Also (this should be posted as a big sticky), did you run diag debug flow on the gateways?
PCNSE
NSE
StrongSwan
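The debug flow trace and route checks that both replies recommend, written out as an added example that is not part of the original thread. The addresses are constructed documentation-range placeholders (192.0.2.10 as the test client, 198.51.100.20 as the destination), and the `#` lines are annotations rather than commands.

```fortios
# Run on FirstGW first, then repeat the same capture on SecondGW.
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter saddr 192.0.2.10
diagnose debug flow filter daddr 198.51.100.20
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable

# Generate the test traffic from the client now and read the trace output.

# Stop the trace when done.
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset

# Policy routes currently installed on this gateway.
diagnose firewall proute list

# Forward path: does this gateway have a route to the destination?
get router info routing-table details 198.51.100.20

# Return path: does this gateway have a route back to the client's source address?
get router info routing-table details 192.0.2.10
```

If SecondGW has no route back to the client's source address, its trace shows the packet dropped with a "reverse path check fail" message, which is the anti-spoofing case raised in the first reply.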