Fortinet black logo

Policy and Route Lookup

Copy Link
Copy Doc ID 4d03f4a8-36de-11e9-94bf-00505692583a:184224
Download PDF

Policy and Route Lookup

Policy Lookup allows administrators to search for policies on a FortiGate device (or VDOM) based on certain input parameters. The input parameters simulate a packet received on FortiGate, and return the matching policy that would be triggered for it. This feature helps administrators troubleshoot issues and test new policies that they are creating.

Route Lookup allows administrators to similarly test a routing decision by specifying similar types of input parameters. Both policy routing and normal routing are consulted for the decision.

Note

The policy and route lookup features are both invoked using the FortiGate API, as they require the real-time state of the FortiGate.

Policy Lookup

  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, select a policy package then a policy type, such as IPv4 Policy.
  3. Click Policy Lookup in the toolbar.

    The IPv4 Policy lookup from remote device dialog box opens.

  4. Fill in the required information, then click OK.

    The matching policy entry, learned from the remote FortiGate, will be highlighted in the policy list.

Route Lookup

  1. Go to Device Manager, and open a synchronized, managed device.
  2. Go to Query > Routing.
  3. Click Route Lookup in the toolbar.

    The Route Lookup dialog box opens.

  4. Select IPv4 or IPv6, enter the destination address, then click OK.

    A pop-up will show the show the route information from the FortiGate, and the route will be highlighted in the routing table.

Related Videos

sidebar video

Policy and route lookup on FortiManager

  • 979 views
  • 5 years ago

More Links

Policy and Route Lookup

Policy Lookup allows administrators to search for policies on a FortiGate device (or VDOM) based on certain input parameters. The input parameters simulate a packet received on FortiGate, and return the matching policy that would be triggered for it. This feature helps administrators troubleshoot issues and test new policies that they are creating.

Route Lookup allows administrators to similarly test a routing decision by specifying similar types of input parameters. Both policy routing and normal routing are consulted for the decision.

Note

The policy and route lookup features are both invoked using the FortiGate API, as they require the real-time state of the FortiGate.

Policy Lookup

  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, select a policy package then a policy type, such as IPv4 Policy.
  3. Click Policy Lookup in the toolbar.

    The IPv4 Policy lookup from remote device dialog box opens.

  4. Fill in the required information, then click OK.

    The matching policy entry, learned from the remote FortiGate, will be highlighted in the policy list.

Route Lookup

  1. Go to Device Manager, and open a synchronized, managed device.
  2. Go to Query > Routing.
  3. Click Route Lookup in the toolbar.

    The Route Lookup dialog box opens.

  4. Select IPv4 or IPv6, enter the destination address, then click OK.

    A pop-up will show the show the route information from the FortiGate, and the route will be highlighted in the routing table.