We sometimes encounter situations where simple routing is not enough, for instance when we have several gateways and need to load-balance between them based on the source/destination IP, port or protocol.

Needless to say, this is best achieved with a dedicated load-balancer device, but let's say we don't have one (and are not eager to purchase one).

In my opinion the simplest way of achieving this is PBR (policy based routing). The concept is pretty basic: when a packet matches the condition I provide, pass it to the gateway I provide (of course "pass" can be replaced with other options).

In the Cisco world it's a route-map, for example:
route-map PBR permit 10
match ip address ACL1
set ip next-hop 1.1.1.1
route-map PBR permit 20
If we get a packet that matches access-list "ACL1", pass it to the IP 1.1.1.1; all other traffic is passed according to the routing table (sequence 20 has no match statement, so everything matches it, and no set statement, so nothing is changed for that traffic).
In the case of a Fortinet firewall, it's a Policy Route. CLI version:
config router policy
edit 1
set input-device "port4"
set src 172.18.0.0 255.255.0.0
set dst 192.168.3.0 255.255.255.0
set protocol 6
set start-port 443
set end-port 443
set gateway 1.1.1.1
set output-device "port3"
next
end
or the GUI version:
In both cases, a packet with a source in "172.18.0.0 255.255.0.0" and a destination in "192.168.3.0 255.255.255.0", TCP (protocol 6) port 443, is passed out of interface "port3" with 1.1.1.1 as the next-hop. Anything that does not match falls through to the normal routing table.
Hope this post was helpful. If it was, please consider a donation:
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N
LTC Address: LUqrKbzGihTU2GEnL3EwsuuLHCsxCJMdtR