Fortigate Firewall Policy routing configuration how to achieve Mutual access between two links 01/17 Update SLTechnology News&Howtos

Fortigate Firewall Policy routing configuration how to achieve Mutual access between two links

2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

The purpose of this article is to share with you how to configure Fortigate firewall policy routing to achieve dual-link mutual access. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Scene description:

1. Telecom Unicom dual-link, telecom-based (default route), Unicom secondary

two。 Internal part of the server requires external access, NAT to telecom lines

3. It is required to schedule some users of the internal network to take the Unicom line, but be able to access the internal server through the telecom public network IP after NAT (assuming

172.16.0.0Universe 24)

4. Suppose the network segment to be dispatched now is 172.16.100.0 Universe 22.

At this point, you need to write a policy route:

Routing-> static-> Policy routing-> Create_New:

After creating the above policy route, we went to the test and found that 172.16.100.0swap 22 had been dispatched to the Unicom line normally.

However, a new problem arises, and the telecom public network IP after NAT can not be accessed on the 100.0 Master22 network segment.

After many attempts, it is finally realized by the following methods:

Create another policy route, as follows

Inflow interface: select the network port inside the firewall

Destination address: enter the server network segment

Outflow interface: select the network port inside the firewall

two。 To create a firewall policy, the policy inflow interface must select any interface.

After the above configuration, it is found that the link can visit each other.

Thank you for reading! On "Fortigate firewall policy routing configuration how to achieve dual-link access" this article is shared here, I hope the above content can be of some help to you, so that you can learn more knowledge, if you think the article is good, you can share it out for more people to see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.