Policy routing
The policy routing feature allows us to force the traffic on a route different from the static route that we use for a certain destination network. Policy routing is based on a series of parameters such as protocol used, source network, and the input interface of the network traffic. Policy routing adds a lot of flexibility, allowing, for example, to select and direct requests to specific service networks dedicated only to specific functions. The configuration is made by navigating to the Router | Static | Policy Route menu as shown in the following screenshot:
Two of the fields that we can see in the preceding screenshot require additional explanation:
Protocol: Protocol numbers are based on the RFC 5237. You can read a complete list at http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml. Frequently used protocol numbers are 1 (ICMP), 6 (TCP), and 17 (UDP).
Type of Service: Type of service (TOS) is an 8-bit field in the IP header that enables you to determine how the IP datagram should be delivered, with qualities such as delay, priority, reliability, and minimum cost. You can read more details in the document Advanced Routing available at http://docs.fortinet.com/fgt/handbook/50/fortigate-advanced-routing-50.pdf.
Every time you create a policy route, it is added to the bottom of the routing table. The routes and routing policies are applied from top to bottom and the first match is applied. To change the position of a policy route in the table, go to Router | Static | Policy Route and select the Move To option for the policy route we want to move, as shown in the following screenshot:
