Static route or policy route
Hi ss198939,
You can check the hit counts by using the command below:
#diag firewall proute list
You have to run the debug flow to check the exact policy route which matches the traffic.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Diagnostic-commands-to-check-the-status-of...
Thanks
Sasikumar.S
FortiGate checks the PBR table first, in order, then the regular FIB (static/dynamic) table. You could, for example, prevent going to the regular FIB by creating 2 PBR rules: the 1st via the actual interface you want it to be routed to, and the 2nd, after this, a PBR rule with the same match but routing traffic to a loopback interface, which is always up, and this way black holing such traffic when the regular interface is down. Not something I did, but thinking out loud.
EDIT: only after publishing did I notice the post is from 2018, but I will leave it for future readers anyway.
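To make the lookup order in this reply concrete, here is a small Python model (an added example, not FortiOS code and not from the post's author) that applies the PBR-then-FIB order and shows why a second rule to an always-up loopback blackholes the traffic instead of letting it fall through to the default route. The interface names, prefixes and the premise that a PBR entry whose output interface is down is skipped are assumptions taken from the reply above.

```python
import ipaddress

# Added model (not FortiOS code) of the lookup order described above:
# policy routes (PBR) are consulted first, in order, and the regular FIB
# (longest-prefix match) is used only when no usable PBR entry matches.
# Assumption taken from the post: a PBR entry whose output interface is
# down is skipped, which is what lets traffic fall through to the FIB.

def lookup(dst, pbr_rules, fib, iface_up):
    """Return the egress interface chosen for dst, or None if no route."""
    dst = ipaddress.ip_address(dst)
    # 1. PBR: first matching rule with a live output interface wins.
    for match, out_if in pbr_rules:
        if dst in ipaddress.ip_network(match) and iface_up.get(out_if, False):
            return out_if
    # 2. FIB: longest-prefix match among routes with a live interface.
    best = None
    for prefix, out_if in fib:
        net = ipaddress.ip_network(prefix)
        if dst in net and iface_up.get(out_if, False):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, out_if)
    return best[1] if best else None

# Constructed tables (hypothetical interface names and prefixes).
FIB = [("0.0.0.0/0", "wan2"), ("10.0.0.0/8", "port1")]
ONE_RULE = [("192.0.2.0/24", "wan1")]
# Second rule: same match, but to a loopback, which is always up.
TWO_RULES = [("192.0.2.0/24", "wan1"), ("192.0.2.0/24", "loopback0")]

def egress(dst, rules, wan1_up):
    """Egress for dst with wan1 either up or down; loopback0 means blackholed."""
    status = {"wan1": wan1_up, "wan2": True, "port1": True, "loopback0": True}
    return lookup(dst, rules, FIB, status)

if __name__ == "__main__":
    print(egress("192.0.2.10", ONE_RULE, True))    # wan1
    print(egress("192.0.2.10", ONE_RULE, False))   # wan2: fell through to the default route
    print(egress("192.0.2.10", TWO_RULES, False))  # loopback0: blackholed instead
    print(egress("10.1.2.3", TWO_RULES, False))    # port1: no PBR match, FIB decides
```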
I think policy routes are not good practice. Avoid using them unless it is "really really really" necessary. Use static routes, routing protocols, or SD-WAN rules instead.