118 Fortinet Inc.
Configuring the routing table Network configuration
Configuring the routing table
The routing table shows the destination IP address and mask of each route you add
as well as the gateways and devices added to the route. The routing table also
displays the gateway connection status. A green check mark indicates that the
FortiGate unit has used the ping server and dead gateway detection to determine that
it can connect to the gateway; a red X means that a connection cannot be established.
A blue question mark means that the connection status is unknown. For more
information, see “Adding a ping server to an interface” on page 111, and
The FortiGate unit assigns routes by searching for a match starting at the top of the
routing table and moving down until it finds the first match. You must arrange routes in
the routing table from more specific to more general. The default route is the most
general route. If you add a default route, it should be at the bottom of the routing table.
1 Go to System > Network > Routing Table.
2 Choose a route to move and select Move to to change its order in the routing
table.
3 Type a number in the Move to field to specify where in the routing table to move the
route and select OK.
4 Select Delete to remove a route from the routing table.
Figure 3: Routing table
Policy routing
Policy routing extends the functions of destination routing. Using policy routing you
can route traffic based not only the destination address but also on:
• Source address
• Protocol, service type, or port range
• Incoming or source interface
Using policy routing you can build a routing policy database (RPDB) that selects the
appropriate route for traffic by executing a set of routing rules. To select a route for
traffic the FortiGate unit matches the traffic with the policy routes added to the RPDB
starting at the top of the list. The first policy route to match the traffic is used to set the
route for the traffic. The route supplies the next hop gateway as well as the FortiGate
interface to be used by the traffic.
Packets are matched with policy routes before they are matched with destination
routes. If a packet does not match a policy route it is routed using destination routes.