Myth

Webfilter URL Routing / PBR. What is the overall best approach?

I am about to get a dedicated link into AWS HK, it's an AWS Direct Connect, over which I need to route all traffic for an Autodesk Product. This is then to a Squid Proxy inside AWS HK then back out to the internet. This is to improve stability to the Autodesk service for an office in an internet restricted country.

Here is a link to their IP ranges, ports and FQDN: https://knowledge.autodesk.com/support/shotgrid/learn-explore/caas/CloudHelp/cloudhelp/ENU/SG-Admini...

It looks like it is all :443, several FQDNs, a handful of supplied IPs and then "AWS Dynamic Range".

I'm not currently using SD-WAN. So what will be the best way to route this traffic out a specific interface? For now I only want this specific traffic, no other.

I intended to use Policy Based Routing - however that only allows "Address or Address Group" and for the AWS Dynamic Range that would then require entering 100s of addresses manually then adding them to an "Address Group".

What would be the smartest way? Web / DNS Filtering - is that an option?

Thanks in advance.

5.6.12

mgoswami
Staff

Hi,

To route specific traffic out of a specific interface, PBR is the only best way to do it.

You may refer to this link to configure PBR:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-the-firewall-Policy-Routes/ta-...

BR,

Manosh
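
An added example, not part of either post and not Fortinet or Autodesk code: one way to avoid typing hundreds of addresses by hand is to generate the FortiOS address objects and the address group for a policy route from a prefix list. It assumes the "AWS Dynamic Range" is published in the layout of AWS's ip-ranges.json; the sample data, the region, the object names and the group name are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json (documentation
# prefixes, not real AWS data). Region and services are assumptions.
SAMPLE_JSON = """
{"prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.64/26", "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "192.0.2.0/25", "region": "ap-east-1", "service": "EC2"}
]}
"""
DOC = json.loads(SAMPLE_JSON)


def select_prefixes(doc, region, services=None):
    """Return sorted, de-duplicated and merged IPv4 networks for one region."""
    nets = set()
    for entry in doc.get("prefixes", []):
        if entry.get("region") != region:
            continue
        if services and entry.get("service") not in services:
            continue
        # strict=True rejects entries with host bits set instead of guessing
        nets.add(ipaddress.ip_network(entry["ip_prefix"], strict=True))
    return sorted(ipaddress.collapse_addresses(nets))


def fortios_config(nets, group, prefix="aws"):
    """Render FortiOS CLI: one address object per network, then one group."""
    names = []
    lines = ["config firewall address"]
    for net in nets:
        name = f"{prefix}-{net.network_address}_{net.prefixlen}"  # hypothetical naming
        names.append(name)
        lines += [f'    edit "{name}"',
                  f"        set subnet {net.network_address} {net.netmask}",
                  "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              "        set member " + " ".join(f'"{n}"' for n in names),
              "    next", "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(fortios_config(select_prefixes(DOC, "us-east-1"), "AWS-Dynamic-Range"))
```

The printed block can be pasted into the FortiGate CLI, and the resulting group used as the destination of the policy route; the list has to be regenerated whenever the published ranges change.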
