Administration Guide

Configuring a policy route

In this example, a policy route is configured to send all FTP traffic received at port1 out the port4 interface and to a next hop router at 172.20.120.23. To route FTP traffic, the protocol is set to TCP (6) and the destination ports are set to 21 (the FTP port).

To configure a policy route in the GUI:
  1. Go to Network > Policy Routes.
  2. Click Create New > Policy Route.
  3. Configure the following fields:

    Incoming interface     port1
    Source Address         0.0.0.0/0.0.0.0
    Destination Address    0.0.0.0/0.0.0.0
    Protocol               TCP
    Destination ports      21 - 21
    Type of service        0x00
    Bit Mask               0x00
    Outgoing interface     Enable and select port4
    Gateway address        172.20.120.23

  4. Click OK.

To configure a policy route in the CLI:
config router policy
    edit 1
        set input-device "port1"
        set src "0.0.0.0/0.0.0.0"
        set dst "0.0.0.0/0.0.0.0"
        set protocol 6
        set start-port 21
        set end-port 21
        set gateway 172.20.120.23
        set output-device "port4"
        set tos 0x00
        set tos-mask 0x00
    next
end

Moving a policy route

A routing policy is added to the bottom of the table when it is created. Routing policies can be moved to a different location in the table to change the order of preference. In this example, routing policy 3 will be moved before routing policy 2.

To move a policy route in the GUI:
  1. Go to Network > Policy Routes.
  2. In the table, select the policy route.
  3. Drag the selected policy route to the desired position.

To move a policy route in the CLI:
config router policy
    move 3 after 1
end
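
The effect of table order described above, as an added example (not Fortinet code): a small Python model that parses a `config router policy` block, applies the `move 3 after 1` reorder, and reports which route a packet hits, assuming the table is evaluated top-down with the first match winning. The table is constructed: ID 2 mirrors the FTP route from this page, while IDs 1 and 3 and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed table: ID 2 mirrors the page's FTP route; IDs 1 and 3 are hypothetical.
SAMPLE = """config router policy
    edit 1
        set input-device "port1"
        set protocol 17
        set output-device "port2"
    next
    edit 2
        set input-device "port1"
        set src "0.0.0.0/0.0.0.0"
        set protocol 6
        set start-port 21
        set end-port 21
        set gateway 172.20.120.23
        set output-device "port4"
    next
    edit 3
        set input-device "port1"
        set src "10.1.1.0/255.255.255.0"
        set protocol 6
        set start-port 21
        set end-port 21
        set output-device "port3"
    next
end"""

def parse(text):  # returns [(id, {option: value})] in table order
    table = []
    for line in text.splitlines():
        if m := re.match(r'\s*edit (\d+)', line):
            table.append((int(m.group(1)), {}))
        elif m := re.match(r'\s*set (\S+) "?([^"]*)"?\s*$', line):
            table[-1][1][m.group(1)] = m.group(2)
    return table

def move_after(table, rid, anchor):  # models 'move <rid> after <anchor>'
    rest = [r for r in table if r[0] != rid]
    pos = [r[0] for r in rest].index(anchor) + 1
    return rest[:pos] + [r for r in table if r[0] == rid] + rest[pos:]

def first_match(table, iface, src, proto, dport):  # unset option = match any (model assumption)
    for rid, o in table:
        net = ipaddress.ip_network(o.get("src", "0.0.0.0/0.0.0.0"))
        if (o.get("input-device") == iface and int(o.get("protocol", 0)) in (0, proto)
                and ipaddress.ip_address(src) in net
                and int(o.get("start-port", 0)) <= dport <= int(o.get("end-port", 65535))):
            return rid
    return None  # no policy route matched
```

Running the same check on an exported table before and after a reorder shows whether a broad route shadows a more specific one.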