Support User Manuals

Fortinet FortiGate-800 Network Card User Manual

Open as PDF

of 336

Network configuration Configuring DHCP services

FortiGate-800 Installation and Configuration Guide 157

Using policy routing you can build a routing policy database (RPDB) that selects the

appropriate route for traffic by applying a set of routing rules. To select a route for

traffic, the FortiGate unit matches the traffic with the policy routes added to the RPDB

starting at the top of the list. The first policy route that matches is used to set the route

for the traffic. The route supplies the next hop gateway as well as the FortiGate

interface to be used by the traffic.

Packets are matched with policy routes before they are matched with destination

routes. If a packet does not match a policy route, it is routed using destination routes.

The gateway added to a policy route must also be added to a destination route. When

the FortiGate unit matches packets with a route in the RPDB, the FortiGate unit looks

in the destination routing table for the gateway that was added to the policy route. If a

match is found, the FortiGate unit routes the packet using the matched destination

route. If a match is not found, the FortiGate unit routes the packet using normal

routing.

To find a route with a matching gateway, the FortiGate unit starts at the top of the

destination routing table and searches until it finds the first matching destination route.

This matched route is used to route the packet.

For policy routing examples, see “Policy routing examples” on page 55.

Policy routing command syntax

Configure policy routing using the following CLI command.

set system route policy <route_int> src <source_ip>

<source_mask> iifname <source-interface_name>

dst <destination_ip> <destination_mask>

oifname <destination-interface_name> protocol <protocol_int>

port <low-port_int> <high-port_int> gw <gateway_ip>

Complete policy routing command syntax is described in Volume 6: FortiGate CLI

Reference Guide.

Configuring DHCP services

You can configure DHCP server or DHCP relay agent functionality on any FortiGate

interface.

A FortiGate interface can act as either a DHCP server or as a DHCP relay agent. An

interface cannot provide both functions.

This section describes the following:

• Configuring a DHCP relay agent

• Configuring a DHCP server

Note: To configure DHCP server or DHCP relay functionality on an interface, the FortiGate unit

must be in NAT/Route mode and the interface must have a static IP address.

previous next