Nealio
New Contributor

Policy Based Routing (PBR) not being applied.

100EF A-A cluster running 6.0.2, attempting to build a PBR to direct specific traffic towards a VPN Tunnel interface. 

 

I've built a valid PBR, but it doesn't seem to have any effect on the traffic (it continues to follow the default route). Are there any tricks to getting this to work?

 

I've tried to debug the flow, but the syntax for 6.0 seems to have changed and I'm unable to find the new command set. 

Toshi_Esumi
SuperUser

If you want to route specific traffic into the tunnel against the default route (probably outside of the tunnel), you need a route, not a policy route, into the tunnel. Policy routes never work without routes.

Nealio

But a static route won't selectively direct traffic to use the tunnel, it'll send 100% of the traffic to the VPN tunnel. 

 

Is there a reason why I can't use a Policy Based Route?

Toshi_Esumi

If you want, let's say 10.10.10.0/24 sourced from a.a.a.a/24 into a tunnel, and from b.b.b.b/24 to somewhere else by policy routes, you have to have two routes 10.10.10.0/24->tunnel, 10.10.10.0/24->other interface in your routing table.

You can set a higher number of priority (lower priority), like 10, for the "tunnel" route so that you don't have to have two policy routes for both. Because the "other interface" route has higher priority (0), you just need to create a policy route toward the tunnel to take away and redirect the specific route you want to route through the tunnel.

You just need to have both routes in the routing table (RIB).

 

If you search "fortigate policy routing configuration" on the internet, you can find many examples having two default routes toward two different wan interfaces and a policy route that takes away a specific service/port, etc. and redirects it to one side. Again, it has to have two default routes for those cases.
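
The setup described in the reply above, written out as FortiOS CLI; this is an added example, not configuration posted by anyone in the thread. The interface names (`wan1`, `internal`, `vpn-tunnel`), the source subnet 192.168.1.0/24 and the gateway 192.0.2.1 are constructed placeholders, and the `#` lines are annotations rather than commands.

```fortios
# Two static routes for the same destination, so both are in the routing table.
# Both keep the default distance; only the priority differs.
config router static
    edit 1
        # Preferred route (priority 0 by default): the "other interface"
        set dst 10.10.10.0 255.255.255.0
        set device "wan1"
        set gateway 192.0.2.1
    next
    edit 2
        # Same destination via the tunnel, higher priority number = less preferred
        set dst 10.10.10.0 255.255.255.0
        set device "vpn-tunnel"
        set priority 10
    next
end

# Policy route that takes only the selected source subnet into the tunnel.
# Everything else to 10.10.10.0/24 keeps following route 1.
config router policy
    edit 1
        set input-device "internal"
        set src "192.168.1.0/255.255.255.0"
        set dst "10.10.10.0/255.255.255.0"
        set output-device "vpn-tunnel"
    next
end

# Checks: both static routes must be listed, and the policy route must be present.
get router info routing-table all
diagnose firewall proute list
```

If the tunnel route is missing from the `get router info routing-table all` output, the policy route has no route to hand the traffic to and the selected traffic keeps following the preferred route outside the tunnel.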

 

 
