Explanation Of Policy Routes With Scenario In Fortigate Firewall

In this article we will look at how policy routes work in a FortiGate firewall, using a scenario. Here is the topology:

There are two LAN networks and two ISP connections. The requirement is to forward LAN1 connections towards the internet only through ISP1 and LAN2 connections towards the internet only through ISP2, while LAN1 and LAN2 should still be able to reach each other.

Topology

The first step is to configure two policy routes: one for LAN1 to ISP1 and the other for LAN2 to ISP2.

Configuration of first policy route:

Go to Network >> Policy Routes, click Create New, and fill in the fields as shown below:

Incoming interface: Select LAN1 interface

Source Address: Give LAN1 network

Destination Address: Enter “0.0.0.0/0”, which matches all IP addresses

Outgoing interface: Select “WAN1” as the outgoing interface and enter the gateway IP address in the field below it.

See the screenshots below for reference:

policyroute-1

policyroute1-2

In a similar way, configure another policy route for LAN2 to WAN2.

The first requirement is now achieved.
The second requirement is inter-LAN routing. This can be achieved by configuring two more policy routes on top of these policy routes:

The first policy route is for LAN1 to LAN2 and the second policy route is for LAN2 to LAN1.

Configuring LAN1 to LAN2 policy route:

Incoming Interface: Select LAN1 incoming interface

Source Address: Give LAN1 address range

Destination Address: Give LAN2 address range

Outgoing Interface: Select LAN2 interface as outgoing interface

Gateway: If LAN2 is not a directly connected network, define its gateway here. If it is a directly connected network, set the gateway to “0.0.0.0”, which means no gateway.

See the screenshots below for reference:

LAN1 to LAN2

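In a similar way, configure the LAN2 to LAN1 policy route as well.

Note-1: Make sure both the LAN1 to LAN2 policy route and the LAN2 to LAN1 policy route are placed on top. Policy routes are matched from top to bottom and the first match is used, so otherwise the “0.0.0.0/0” routes would match the inter-LAN traffic first.

Note-2: Make sure there are firewall policies that allow the traffic between the respective interfaces, in line with the routing you have configured.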
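
The effect of the ordering in Note-1, as an added example that is not from the original article: a simplified Python model of top-down, first-match policy route lookup, with a check for routes that can never match. The subnets (10.1.1.0/24 and 10.1.2.0/24), the gateway addresses and the function names are assumptions made for illustration; this is not FortiOS code.

```python
import ipaddress
from typing import NamedTuple, Optional

class PolicyRoute(NamedTuple):
    name: str
    in_if: str
    src: str
    dst: str
    out_if: str
    gateway: str  # "0.0.0.0" means directly connected, no gateway

# Constructed sample addressing (assumption, not from the article).
LAN1, LAN2, ANY = "10.1.1.0/24", "10.1.2.0/24", "0.0.0.0/0"

TO_ISP1 = PolicyRoute("LAN1->ISP1", "LAN1", LAN1, ANY, "WAN1", "198.51.100.1")
TO_ISP2 = PolicyRoute("LAN2->ISP2", "LAN2", LAN2, ANY, "WAN2", "203.0.113.1")
L1_TO_L2 = PolicyRoute("LAN1->LAN2", "LAN1", LAN1, LAN2, "LAN2", "0.0.0.0")
L2_TO_L1 = PolicyRoute("LAN2->LAN1", "LAN2", LAN2, LAN1, "LAN1", "0.0.0.0")

CORRECT_ORDER = [L1_TO_L2, L2_TO_L1, TO_ISP1, TO_ISP2]  # inter-LAN routes on top
WRONG_ORDER = [TO_ISP1, TO_ISP2, L1_TO_L2, L2_TO_L1]    # inter-LAN routes at the bottom

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup(table, in_if, src_ip, dst_ip) -> Optional[PolicyRoute]:
    """Return the first route, top-down, that matches the packet, else None."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for route in table:
        if route.in_if == in_if and src in net(route.src) and dst in net(route.dst):
            return route
    return None  # no policy route matched; the normal routing table decides

def audit_shadowed(table):
    """Names of routes fully covered by an earlier route on the same interface."""
    shadowed = []
    for i, later in enumerate(table):
        for earlier in table[:i]:
            if (earlier.in_if == later.in_if
                    and net(later.src).subnet_of(net(earlier.src))
                    and net(later.dst).subnet_of(net(earlier.dst))):
                shadowed.append(later.name)
                break
    return shadowed

if __name__ == "__main__":
    for label, table in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        hit = lookup(table, "LAN1", "10.1.1.10", "10.1.2.20")
        print(label, "order: LAN1 host to LAN2 host leaves via", hit.out_if,
              "| shadowed routes:", audit_shadowed(table))
```

With the inter-LAN routes at the bottom, the model sends LAN1-to-LAN2 traffic out of WAN1 towards the ISP and reports both inter-LAN routes as unreachable.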

Hope this article helps you 🙂