Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jaym222
New Contributor

PBR for Internet facing servers using vIP/SNAT

Hi, I want to cut my location over to a new MPLS backbone and set the default route for the network to the MPLS next hop IP. The issue is I have web servers on our DMZ that currently use IPs on our current primary internet circuit that need to remain there until a later date. Can a PBR be set up for this?

VIP example: Web Server A, port13 (Verizon): 222.222.111.111 -> Map to IP: 10.10.10.10

Can I use a PBR so that if someone on the internet hits this web server they will get a response? How would the PBR look? Possibly this:

Protocol: 0
Incoming interface: port11 (DMZ)
Source Address: 10.10.10.10/32
Destination Address: 222.222.111.111/32
Destination Ports: from 80 to 80
Force Traffic to: Outgoing Interface: port13 (Verizon)
Gateway Address: 222.222.1111.1
rwpatterson
Valued Contributor III

Why so intent on sticking with (legacy) policy based routing? Interface based is far easier.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
jaym222
New Contributor

I am not intent on sticking with it, I am only intent on keeping the servers up! I am not familiar with interface based, I see static/dynamic or PBR as my routing options on the Fortigate. Thanks!
emnoc
Esteemed Contributor III

I think asymmetrical routing might have to be enabled if the traffic does not follow the expected uRPF checks: set asymroute enable. But if I'm hearing you right, you want to leverage the MPLS backbone as the next-hop and still keep your internal-internet carrier. I would also worry that your MPLS might be enabled for uRPF checks also, if the VIP outside address is NOT expected over that MPLS link. Just my quick 2cts.

PCNSE NSE StrongSwan
jaym222
New Contributor

Based on the responses, would my PBR not work as it is configured? I am getting the sense that it will not be easy to do what I was hoping, I could be wrong but if someone could demonstrate how another routing configuration could work it would be very helpful. Thanks Again
emnoc
Esteemed Contributor III

Without seeing a map or topo, it would be hard to determine if PBR would work. Your diagram is not clear, but the areas to look at would be all that was mentioned earlier, and most of those would be variables that you would have to address or look at more closely to even remotely determine if this setup would work. If all of the variables and areas of concern are figured out, then it should work.

PCNSE NSE StrongSwan
jaym222
New Contributor

I am not sure what is not clear.

Currently the entire network uses our Verizon internet circuit (current default route on the FortiGate). Web servers on the DMZ use VIPs from the Verizon IP block and are statically NATed to private DMZ IP addresses.

I want to move the default route from Verizon to the new MPLS for the entire network, except for the web servers, which will stay on the Verizon circuit and keep using the current VIPs. Thanks
ede_pfau
SuperUser

To add to the fuzz, I think the setup and the task both are clear. PBR is an alternative to routing when the routing decision is NOT based on the destination but on some other criteria. In your case, this specific route to the old WAN interface should be chosen for a specific source address. So IMHO setting up a PB route for this is perfectly OK, and the only means to achieve this.

The PB route will take care of outgoing traffic. You already posted that for incoming traffic you will use a VIP. The FGT will remember the interface the traffic came in on, and will send the reply traffic back to the correct interface. The real question is: can your external users find the correct (old) interface? That is, is the external IP _only_ routed to the old WAN interface? If so, I don't see any problems with your setup.

BTW, please disregard Bob's post. Methinks he's mixed up PBR with VPN interface/policy mode. Right?

Ede

"Kernel panic: Aiee, killing interrupt handler!"
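As an added illustration (not posted by anyone in the thread), the following FortiOS CLI fragment shows what the combination the two answers describe looks like in configuration: the VIP on the Verizon interface handles inbound, a source-based policy route forces the DMZ server's outbound traffic back out port13, and the static default route moves to MPLS. Interface names and addresses are the original poster's; the VIP name, policy IDs, the Verizon gateway 222.222.111.1 (the post shows it with a typo) and the MPLS interface/next hop are assumed, and the exact `set src`/`set dst` syntax differs between FortiOS releases (older 4.x builds take `address mask` separated by a space).

```fortios
# Inbound: keep the public Verizon address bound to port13 and map it to
# the DMZ host. VIP name is assumed.
config firewall vip
    edit "WebServerA_VIP"
        set extip 222.222.111.111
        set extintf "port13"
        set mappedip "10.10.10.10"
    next
end

# Firewall policy letting Internet clients arriving on port13 reach the
# VIP on the DMZ interface (policy ID assumed).
config firewall policy
    edit 100
        set srcintf "port13"
        set dstintf "port11"
        set srcaddr "all"
        set dstaddr "WebServerA_VIP"
        set action accept
        set schedule "always"
        set service "HTTP"
    next
end

# Outbound: policy routes are consulted before the routing table, so
# anything sourced from the server is forced out port13 to the Verizon
# gateway regardless of destination (no dst set = any destination;
# protocol 0 = any). Gateway address assumed.
config router policy
    edit 1
        set input-device "port11"
        set src "10.10.10.10/255.255.255.255"
        set protocol 0
        set gateway 222.222.111.1
        set output-device "port13"
    next
end

# Everything else follows the new default route over MPLS
# (interface and next hop are placeholders).
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 10.255.255.1
        set device "port12"
    next
end

# Asymmetric routing (emnoc's point) relaxes stateful inspection for the
# whole VDOM; leave it disabled unless the session table shows replies
# actually leaving a different interface than the request arrived on.
config system settings
    set asymroute disable
end
```

Two things worth checking after applying it. First, do not narrow the policy route with `set start-port 80` / `set end-port 80` as in the original draft: those fields match the destination port, and the server's replies carry 80 as the source port, so such a route would only catch traffic the server originates towards port 80. Second, confirm the reply path from the session table rather than assuming it: `diagnose sys session filter dst 10.10.10.10`, then `diagnose sys session list`, and check that the session's gateway and outgoing interface for the reply direction point at port13 and the Verizon next hop, not at the MPLS route.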
rwpatterson
Valued Contributor III

ORIGINAL: ede_pfau: BTW, please disregard Bob's post. Methinks he's mixed up PBR with VPN interface/policy mode. Right?
Errr... yeah. OOOps...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
jaym222
New Contributor

Thanks for all the info! Appreciate it