# get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info
S *> 0.0.0.0/0 [10/0] via x.x.x.x, port1
*> [10/0] via x.x.x.x, port2
C *> 10.5.16.0/20 is directly connected, port1
C *> 10.5.48.0/20 is directly connected, port2
C *> 172.31.128.0/20 is directly connected, port3
#config router policy
edit 1
set input-device "port3"
set input-device-negate disable
set src "192.168.1.0/255.255.255.0"
set src-negate disable
set dst "0.0.0.0/0.0.0.0"
set dst-negate disable
set action permit
set protocol 0
set gateway x.x.x.x
set output-device "port2"
end
4) Make sure that the Policy Route configured for the source 192.168.80.30 is placed at the top of the table.
#config router policy
edit 2
set input-device "port3"
set input-device-negate disable
set src "192.168.1.30/255.255.255.255"
set src-negate disable
set dst "0.0.0.0/0.0.0.0"
set dst-negate disable
set action deny
set protocol 0
set tos 0x00
set tos-mask 0x00
set status enable
set comments "STOP POLICY ROUTE"
end
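The ordering requirement above can be checked offline against a saved configuration. The following is an added example, not Fortinet code: it assumes policy routes are matched top-down with the first match winning, compares only input-device, src, dst and action (protocol, negate and status settings are ignored), and the function names `parse_policies`, `net` and `shadowed` are hypothetical.

```python
import ipaddress
import re

# Constructed sample mirroring the two policy routes shown above, in table order.
SAMPLE = """
config router policy
    edit 1
        set input-device "port3"
        set src "192.168.1.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set action permit
    next
    edit 2
        set input-device "port3"
        set src "192.168.1.30/255.255.255.255"
        set dst "0.0.0.0/0.0.0.0"
        set action deny
    next
end
"""

def parse_policies(text):
    """Return policy routes as dicts, in the order they appear in the table."""
    policies, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"edit (\d+)", line):
            current = {"id": int(m.group(1)), "action": "permit"}
            policies.append(current)
        elif current is not None and (m := re.fullmatch(r'set (\S+) "?([^"]*)"?', line)):
            current[m.group(1)] = m.group(2)
    return policies

def net(policy, key):
    # FortiOS writes "address/netmask"; an unset src/dst is treated as any.
    return ipaddress.ip_network(policy.get(key, "0.0.0.0/0.0.0.0"), strict=False)

def shadowed(policies):
    """Return (earlier_id, later_id) pairs where the later rule can never match."""
    hits = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (earlier.get("input-device") == later.get("input-device")
                    and net(later, "src").subnet_of(net(earlier, "src"))
                    and net(later, "dst").subnet_of(net(earlier, "dst"))
                    and earlier["action"] != later["action"]):
                hits.append((earlier["id"], later["id"]))
    return hits
```

With the sample in the order shown, `shadowed(parse_policies(SAMPLE))` reports that policy 1 shadows policy 2; once the more specific deny entry is placed first, the list is empty.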
Copyright 2024 Fortinet, Inc. All Rights Reserved.