Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
duckwood98
New Contributor

using " any" as interface on policy

how does fortigate determine order of policies when the interface is specified as " any" ? I am running with the global setting " set internal-switch-mode interface" and I want to take advantage of using " any" as interface to cut down on the number of policies I have to create. Are there any performance issues?
2 REPLIES 2
Adrian_Buckley_FTNT

The egress interface, in that case will be determined via the routing rules. The packet will take the the direction specified by the routing table. In the case of multiple options then the tie will be split based on the configured ECMP behavior.
norouzi
Contributor

Exactly. Routing will be run before Policy. So FortiGate knows the destination interface from the routes.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors