Policy Route Router Static
FortiGate Version 4.0 MR1 Administration Guide
352 01-410-89802-20090903
http://docs.fortinet.com/
Edit icon
Edit a policy route.

Move To icon
After selecting this icon, enter the destination position in the window that
appears, and select OK.
For more information, see “Moving a policy route” on page 354.

Adding a policy route

To add a policy route, go to Router > Static > Policy Route and select Create New.
For more information on Type of Service, see “Type of Service” on page 353.
Figure 184 shows the New Routing Policy dialog box belonging to a FortiGate unit that
has interfaces named “external” and “internal”. The names of the interfaces on your
FortiGate unit may be different.

Figure 184: Example policy route to route all HTTP traffic received at port5 to port4

Protocol
To perform policy routing based on the value in the protocol field of the
packet, enter the protocol number to match. The Internet Protocol Number is
found in the IP packet header. RFC 5237 describes protocol numbers and
you can find a list of the assigned protocol numbers here. The range is from 0
to 255. A value of 0 disables the feature.
Tip: Commonly used Protocol settings include 6 to route TCP sessions, 17
for UDP sessions, 1 for ICMP sessions, 47 for GRE sessions, and 92 for
multicast sessions.

Incoming Interface
Select the name of the interface through which incoming packets subjected to
the policy are received.

Source Address / Mask
To perform policy routing based on the IP source address of the packet, type
the source address and network mask to match. A value of
0.0.0.0/0.0.0.0 disables the feature.

Destination Address / Mask
To perform policy routing based on the IP destination address of the packet,
type the destination address and network mask to match. A value of
0.0.0.0/0.0.0.0 disables the feature.

Destination Ports
To perform policy routing based on the port on which the packet is received,
type the same port number in the From and To fields. To apply policy routing
to a range of ports, type the starting port number in the From field and the
ending port number in the To field. A value of 0 disables this feature.
The Destination Ports fields are only used for TCP and UDP protocols. The
ports are skipped over for all other protocols.

Type of Service
Use a two digit hexadecimal bit pattern to match the service, or use a two digit
hexadecimal bit mask to mask out. For more information, see “Type of
Service” on page 353.
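
The match fields described above can be modelled as follows. This Python sketch is an added example, not FortiOS code and not part of the guide; it evaluates one packet against one policy route and lists which fields are left disabled, which is useful when reviewing how broadly a route matches. The field names, the out_interface attribute and the sample route (which assumes HTTP means TCP port 80) are constructed for illustration, and Type of Service matching is left out because this page defers it to page 353.

```python
import ipaddress
from dataclasses import dataclass

TCP, UDP = 6, 17                      # protocol numbers given in the guide's Tip
ANY_ADDR = "0.0.0.0/0.0.0.0"          # address/mask value that disables a match

@dataclass
class PolicyRoute:                    # field names are illustrative, not FortiOS keys
    incoming_interface: str
    protocol: int = 0                 # 0 disables the protocol match
    source: str = ANY_ADDR
    destination: str = ANY_ADDR
    port_from: int = 0                # assumption: From and To both 0 means disabled
    port_to: int = 0
    out_interface: str = ""           # assumed name for where matched traffic is sent

def _in_net(spec: str, addr: str) -> bool:
    """True if addr falls inside an 'address/mask' specification."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(r: PolicyRoute, iface, proto, src, dst, dport=0) -> bool:
    """Evaluate one packet against one policy route, field by field."""
    if iface != r.incoming_interface:
        return False
    if r.protocol != 0 and proto != r.protocol:
        return False
    if not (_in_net(r.source, src) and _in_net(r.destination, dst)):
        return False
    # Destination Ports are only used for TCP and UDP; skipped otherwise.
    ports_set = (r.port_from, r.port_to) != (0, 0)
    if ports_set and proto in (TCP, UDP):
        return r.port_from <= dport <= r.port_to
    return True

def disabled_fields(r: PolicyRoute) -> list:
    """List the match fields left disabled, i.e. acting as wildcards."""
    checks = [("protocol", r.protocol == 0),
              ("source", r.source == ANY_ADDR),
              ("destination", r.destination == ANY_ADDR),
              ("destination_ports", (r.port_from, r.port_to) == (0, 0))]
    return [name for name, off in checks if off]

# Constructed route modelled on the Figure 184 caption: HTTP from port5 to port4.
HTTP_ROUTE = PolicyRoute("port5", protocol=TCP, port_from=80, port_to=80,
                         out_interface="port4")
```

A route whose disabled_fields() result lists every field matches all traffic arriving on its incoming interface.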