New Contributor

Static route or policy route

Hi All, I know a policy route has preference over static and all other routes. But does anyone know a command to make sure that traffic is going only via the policy route, not via a static route? I am asking this question in case someone has misconfigured a policy route.

Hi ss198939,

You can check the hit counts by using the command below:

#diag firewall proute list

You have to run the debug flow to check the exact policy route that matches the traffic.


Valued Contributor

FortiGate checks the PBR table first, in order, then the regular FIB (static/dynamic) table. You could, for example, prevent falling through to the regular FIB by creating two PBR rules: the first via the actual interface you want the traffic routed to, and a second one, after it, with the same match but routing the traffic to a loopback interface, which is always up, thereby black-holing such traffic when the regular interface is down. Not something I have done, but thinking out loud.


EDIT: only after publishing did I notice the post is from 2018, but I will leave it here for future readers anyway.

Yuri  blog: All things Fortinet, no ads.
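Below is a worked FortiOS CLI example of the two-rule approach described in the reply above, followed by the verification commands mentioned in the earlier reply (diag firewall proute list and the debug flow). It is an added example, not configuration posted by either contributor; the interface names (port2, wan1, lo-blackhole), the subnet 192.168.10.0/24, the gateway 203.0.113.1 and the loopback address 10.255.255.1 are assumptions chosen for illustration and must be replaced with your own values.

```fortios
# Assumed interface names and addresses; replace with your own.
# 1) An always-up loopback interface to act as the black hole.
config system interface
    edit "lo-blackhole"
        set vdom "root"
        set type loopback
        set ip 10.255.255.1 255.255.255.255
    next
end

# 2) Policy routes are evaluated top-down before the FIB.
#    Rule 1 sends the source subnet out wan1 via the real next hop.
#    Rule 2 has the identical match but points at the loopback, so if
#    wan1 is down and rule 1 cannot be used, the traffic is caught here
#    instead of falling through to a static/dynamic route.
config router policy
    edit 1
        set input-device "port2"
        set src "192.168.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 203.0.113.1
        set output-device "wan1"
        set comments "primary path for LAN segment"
    next
    edit 2
        set input-device "port2"
        set src "192.168.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "lo-blackhole"
        set comments "black hole: prevents fallback to FIB"
    next
end

# 3) Verification. Hit counters per policy route:
diagnose firewall proute list

# 4) Debug flow for a single test host (assumed 192.168.10.50) to see
#    which policy route ID the packet actually matched:
diagnose debug reset
diagnose debug flow filter saddr 192.168.10.50
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
# ... generate traffic from 192.168.10.50, then stop:
diagnose debug disable
diagnose debug reset
```

Two caveats a practitioner should keep in mind. First, the black hole is enforced by the firewall policy stage, not the routing stage: there is no firewall policy from port2 to lo-blackhole, so packets routed there are dropped by the implicit deny, and the "policy route" counter for rule 2 will climb while the traffic disappears. Second, because rule 2 matches everything rule 1 matches, ordering is what makes this safe; if the rules are ever reordered (for example by an administrator using "move"), all traffic from that subnet will be black-holed, so check the order in the output of diagnose firewall proute list after any change.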
Honored Contributor

I think policy routing is not good practice. Avoid using it unless it is "really really really" necessary. Use static routes, routing protocols, or SD-WAN rules instead.
