Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Policy based routing

Hi, Currently, I have ADSL internet line on WAN2 and all traffic (SMTP, HTTP, etc) passes through it. Users complain that it is too slow (6MB down, 1 up). I have our VoIP network (different subnet & physical network) on a Bell Fibe line (25M down and 6 up). There' s plenty of bandwidth to spare on the Bell Fibe line. I thought of running a cable between the Bell Fibe modem and WAN1 port (connect thru PPPoe). Then creating an ALLOW policy from Internal1 to WAN1 allowing only HTTP & HTTPS. DENYing HTTP & HTTPS on the Internal1 to WAN2 policy. That way our email server & other services would just use WAN2. I tried doing that and it didn' t work. The Internal1 to WAN2 deny HTTP/HTTPS policy blocked web browsing for users on Internal1 network. But it seems the Internal1 to WAN1 policy didn' t pick up the requests. What am I missing? Using Fortigate 80C on v5.0,build0271
Esteemed Contributor III

I would check my ordering of the firewall policies but diag debug flow would identify what fwpolicies you are hitting. I would use that as your 1st step in diagnostics and review your PBR rules




Esteemed Contributor III

A security policy will not ROUTE traffic on it' s own. For routing, a route is needed. In your case not the destination is the routing criterion but the service. Therefore, you need to create a Policy Route, specifying that HTTP(S) will be routed to WAN1. Please have a look at the FortiOS Handbook, chapter " Advanced Routing" , to learn the underlying principles.


"Kernel panic: Aiee, killing interrupt handler!"
Top Kudoed Authors