Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Policy routing and Rule Based Routing



I have a FortiWifi 60D and 2 ISP lines - 1A and 2B


All my users traffic flows through line 1A

when I define a rule to flow their traffic from LAN1 to 2B. it doesnt work at all.

Whenever i define a Policy Route it works but i lose some functionality.


i have line 1A defined in static route table as to 0.0.0.

and line 2B - x.x.x.x/32 to ISP IP HOP


could line 1A definition be a problem?


moreover, i tried defining a VIP for line 2B - x.x.x.x mapped to my LAN1

yet i received an error "duplicate entry" - which i found nothing that resembles that entry i was trying to configure.


im kind of lost here,


Esteemed Contributor III

policy routing = rule based routing = policy based routing (PBR)



I cannot really see what you're asking. Traffic to the internet follows the default route which is "" ,  not "/32". This is no actual subnet but a wildcard matching all routes. If your default route points to wan1 then all users will use wan1.

You use a PBR to divert traffic away from the default route. You can match the source address, the service or the destination address in a PBR.

If you want to use both WAN ports equally you would define an identical second default route for wan2.

So, please clarify what your goal and your question is. If you want instructions, please state your firmware version.


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
New Contributor


Thanks for the answer, ill clarify what im trying to achieve.

I'm trying to achieve Load Balancing for a specific network.

I have 2 ISPs, as I have stated 1A (WAN1) and 2B (WAN2).

Currently both lines are defined as static route with the value

Both lines are set to equal weight.


However, No traffic flows through 2B. Even though I have rules defined to specific networks to use WAN2 and placed first in the sequence. I also tested it by disconnecting line 1A - no traffic.


Furthermore, when I defined PBR for that 1 specific network, I lost part of my services - like some users can get mails via Office365 and some don't (everything in Office365 - DNS/MX/Etc.. is defined correctly else it wouldnt work at all without LB)


I hope this is sufficient, I can provide more details if needed.




New Contributor

I've been redefing it from scratch this whole morning.

so far:

If I configure all my services and appropriate records to point to wan2 solely - works like a charm

if i do the same for wan1 - work great


when i try to define them both, in conjuction using the same configurtions and doubling up records - only wan1 works even if i define higher weight and priority.




Hi Dotix,


Make sure there are 2 default routes (via wan1 and wan2 both)


You can verify with command 'get router info routing-table details'

If you want both the routes to be active, you should have the distance of both the default routes to be same.

Coming to the priority, lower the priority, higher the privilege.



Wan1 default route : Distance : 10 ; priority 0 (default)

Wan2 default route : Distance : 10 ; priority 10


In the above case, only WAN1 route is used. However, the Wan2 route still there in the routing table, which can be used with policy based routes, VIP


Hope that helps.






Thanks for the replies.


I've tried that - it doesn't work.

No matter what i've tried - the balancing doesnt work


Hello Dotix,


Could you please attach the config file?



New Contributor III

Hi There,


If you disconnect one link and there is no traffic then it means there is definitely a misconfiguration. First make sure you each link works perfect on its own.


Thanks and Regards



hezvo uko
hezvo uko
Top Kudoed Authors