# dia ip proute match <destination ip> <source ip> <incoming interface> <proto> <destination port number>For example.
fermion-kvm42 # dia firewall proute listTo check matching policy route for TCP traffic generated from source 172.31.134.1 to public IP, need to use the debug command as shown below.
list route policy info(vf=root):
id=1 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=5 dport=0-65535 oif=3(port1) gwy=10.5.31.254
source wildcard(1): 172.31.135.0/255.255.255.248
destination wildcard(1): 0.0.0.0/0.0.0.0
hit_count=1 last_used=2020-10-22 08:00:45
id=2 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=5 dport=0-65535 oif=4(port2) gwy=10.5.63.254
source wildcard(1): 172.31.134.0/255.255.255.248
destination wildcard(1): 0.0.0.0/0.0.0.0
hit_count=0 last_used=2020-10-22 09:00:50
fermion-kvm42 # dia ip proute match 208.91.114.181 172.31.134.1 port3 6 443Output.
dst=208.91.114.181 src=172.31.134.1 smac=00:00:00:00:00:00 iif=5 protocol=6 dport=443Note.
id=00000002 type=Policy Route
seq-num=2 <---- Matching the ID=2 policy route.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.