Policy Routing Question

  • 1.  Policy Routing Question

    Posted 01-23-2019 03:32
    Hi All,

    Do you have any way to know if a policy route (PBR) is being used? Something like a ... or some counter that tells me when it was last used?
    Regards!

    ------------------------------
    Mendes Sa


    ------------------------------


  • 2.  RE: Policy Routing Question

    Posted 01-23-2019 03:54
    Hi,
    As per my knowledge, there is no such way but you can use the sniffer trace for a real-time trace to any packet. You will get an idea.

    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------



  • 3.  RE: Policy Routing Question

    Posted 01-23-2019 04:24
    My problem is that I have a legacy firewall with many PBRs. I wanted to disable them. Using the sniffer can take a long time to validate all the PBRs. So I thought I could have some statistical indicator of use of these PBRs.
    Anyway, thanks for the help.
    Regards!

    ------------------------------
    Mendes [LastName] [Designation]
    Analyst
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 4.  RE: Policy Routing Question

    Posted 01-23-2019 07:26

    Thinking outside the box. What if you made sure the policy-based routes would use a rule if hit? You could then use the rule counters. For example, if a policy-based route applies to 192.168.5.5 to 8.8.8.8, you make a rule that applies only to that traffic.

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD33786



    ------------------------------
    Peter [LastName] [Designation]
    Enterprise Engineer, Networking
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------



  • 5.  RE: Policy Routing Question

    Posted 04-03-2019 23:28
    You can verify and confirm by checking the routing table and debug.

    FGT # get router info routing-table all
    You can see the routes added for your policy route.

    FGT # diagnose sniffer packet any "host <ip address>" 4
    or, if services are involved, then you can use
    FGT # diagnose sniffer packet any "host 10.160.0.10 or port 80 or port 53" 4
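    The sniffer approach above still leaves you reading the trace by hand for every PBR. As an added example (not from the thread or from Fortinet), this script tallies verbosity-4 sniffer lines against a hypothetical PBR list to give the per-route hit count and last-seen time the original question asked for; the sample trace, the line format and the route list are constructed assumptions, and it only models the source prefix, destination prefix and incoming interface of a PBR.

```python
import re
import ipaddress

# Constructed sample of "diagnose sniffer packet any ... 4" output; the
# "<time> <intf> <in|out> <src>.<sport> -> <dst>.<dport>:" layout is an
# approximation of what verbosity 4 prints, not a captured trace.
SAMPLE_SNIFFER = """\
interfaces=[any]
filters=[host 192.168.5.5]
1.104231 port1 in 192.168.5.5.51234 -> 8.8.8.8.53: udp 40
1.104301 wan1 out 192.168.5.5.51234 -> 8.8.8.8.53: udp 40
2.338120 port1 in 192.168.5.5.40001 -> 10.160.0.10.80: syn 1234567
3.009872 port3 in 10.20.0.7.40002 -> 8.8.8.8.443: syn 2345678
"""

# Hypothetical PBR list in lookup order: (id, incoming interface, src prefix, dst prefix)
POLICY_ROUTES = [
    (1, "port1", "192.168.5.0/24", "8.8.8.8/32"),
    (2, "port1", "192.168.5.0/24", "10.160.0.0/16"),
    (3, "port2", "10.30.0.0/16", "0.0.0.0/0"),
]

LINE_RE = re.compile(
    r"^(\d+\.\d+)\s+(\S+)\s+(in|out)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+->\s+(\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def parse_packets(text):
    """Yield (timestamp, interface, direction, src, dst) for each packet line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines and hex payload dumps are skipped
        ts, intf, direction, src, _sp, dst, _dp = m.groups()
        yield float(ts), intf, direction, ipaddress.ip_address(src), ipaddress.ip_address(dst)

def tally_policy_routes(text, routes):
    """Return {pbr_id: (hits, last_seen_ts)}; routes are checked top-down, first match wins."""
    stats = {rid: (0, None) for rid, *_ in routes}
    for ts, intf, direction, src, dst in parse_packets(text):
        if direction != "in":
            continue  # PBR is evaluated on ingress, so ignore the egress copy of each packet
        for rid, in_intf, src_net, dst_net in routes:
            if (intf == in_intf and src in ipaddress.ip_network(src_net)
                    and dst in ipaddress.ip_network(dst_net)):
                hits, _ = stats[rid]
                stats[rid] = (hits + 1, ts)
                break
    return stats

if __name__ == "__main__":
    for rid, (hits, last) in tally_policy_routes(SAMPLE_SNIFFER, POLICY_ROUTES).items():
        print(f"PBR {rid}: {hits} hit(s), last seen {last}")
```

Routes that stay at zero hits over a long capture window are the candidates for removal; a PBR that also matches on protocol or port would need those fields added to the tuple and the check.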


  • 6.  RE: Policy Routing Question

    Posted 04-03-2019 23:29
    Please check out the below link for full details.
    https://kb.fortinet.com/kb/viewContent.do?externalId=FD31240