Fortinet black logo

CLI Reference

router policy

Configure IPv4 routing policies.

  config router policy
      Description: Configure IPv4 routing policies.
      edit <seq-num>
          set input-device <name1>, <name2>, ...
          set input-device-negate [enable|disable]
          set src <subnet1>, <subnet2>, ...
          set srcaddr <name1>, <name2>, ...
          set src-negate [enable|disable]
          set dst <subnet1>, <subnet2>, ...
          set dstaddr <name1>, <name2>, ...
          set dst-negate [enable|disable]
          set action [deny|permit]
          set protocol {integer}
          set start-port {integer}
          set end-port {integer}
          set start-source-port {integer}
          set end-source-port {integer}
          set gateway {ipv4-address}
          set output-device {string}
          set tos {user}
          set tos-mask {user}
          set status [enable|disable]
          set comments {var-string}
          set internet-service-id <id1>, <id2>, ...
          set internet-service-custom <name1>, <name2>, ...
      next
  end

config router policy

Parameter Name Description Type Size
input-device <name> Incoming interface name.
Interface name.
string Maximum length: 79
input-device-negate Enable/disable negation of input device match.
enable: Enable negation of input device match.
disable: Disable negation of input device match.
option -
src <subnet> Source IP and mask (x.x.x.x/x).
IP and mask.
string Maximum length: 79
srcaddr <name> Source address name.
Address/group name.
string Maximum length: 79
src-negate Enable/disable negating source address match.
enable: Enable source address negation.
disable: Disable source address negation.
option -
dst <subnet> Destination IP and mask (x.x.x.x/x).
IP and mask.
string Maximum length: 79
dstaddr <name> Destination address name.
Address/group name.
string Maximum length: 79
dst-negate Enable/disable negating destination address match.
enable: Enable destination address negation.
disable: Disable destination address negation.
option -
action Action of the policy route.
deny: Do not search policy route table.
permit: Use this policy route for forwarding.
option -
protocol Protocol number (0 - 255). integer Minimum value: 0 Maximum value: 255
start-port Start destination port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
end-port End destination port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
start-source-port Start source port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
end-source-port End source port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
gateway IP address of the gateway. ipv4-address Not Specified
output-device Outgoing interface name. string Maximum length: 35
tos Type of service bit pattern. user Not Specified
tos-mask Type of service evaluated bits. user Not Specified
status Enable/disable this policy route.
enable: Enable this policy route.
disable: Disable this policy route.
option -
comments Optional comments. var-string Maximum length: 255
internet-service-id <id> Destination Internet Service ID.
Destination Internet Service ID.
integer Minimum value: 0 Maximum value: 4294967295
internet-service-custom <name> Custom Destination Internet Service name.
Custom Destination Internet Service name.
string Maximum length: 79

Configure IPv4 routing policies.

  config router policy
      Description: Configure IPv4 routing policies.
      edit <seq-num>
          set input-device <name1>, <name2>, ...
          set input-device-negate [enable|disable]
          set src <subnet1>, <subnet2>, ...
          set srcaddr <name1>, <name2>, ...
          set src-negate [enable|disable]
          set dst <subnet1>, <subnet2>, ...
          set dstaddr <name1>, <name2>, ...
          set dst-negate [enable|disable]
          set action [deny|permit]
          set protocol {integer}
          set start-port {integer}
          set end-port {integer}
          set start-source-port {integer}
          set end-source-port {integer}
          set gateway {ipv4-address}
          set output-device {string}
          set tos {user}
          set tos-mask {user}
          set status [enable|disable]
          set comments {var-string}
          set internet-service-id <id1>, <id2>, ...
          set internet-service-custom <name1>, <name2>, ...
      next
  end

config router policy

Parameter Name Description Type Size
input-device <name> Incoming interface name.
Interface name.
string Maximum length: 79
input-device-negate Enable/disable negation of input device match.
enable: Enable negation of input device match.
disable: Disable negation of input device match.
option -
src <subnet> Source IP and mask (x.x.x.x/x).
IP and mask.
string Maximum length: 79
srcaddr <name> Source address name.
Address/group name.
string Maximum length: 79
src-negate Enable/disable negating source address match.
enable: Enable source address negation.
disable: Disable source address negation.
option -
dst <subnet> Destination IP and mask (x.x.x.x/x).
IP and mask.
string Maximum length: 79
dstaddr <name> Destination address name.
Address/group name.
string Maximum length: 79
dst-negate Enable/disable negating destination address match.
enable: Enable destination address negation.
disable: Disable destination address negation.
option -
action Action of the policy route.
deny: Do not search policy route table.
permit: Use this policy route for forwarding.
option -
protocol Protocol number (0 - 255). integer Minimum value: 0 Maximum value: 255
start-port Start destination port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
end-port End destination port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
start-source-port Start source port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
end-source-port End source port number (0 - 65535). integer Minimum value: 0 Maximum value: 65535
gateway IP address of the gateway. ipv4-address Not Specified
output-device Outgoing interface name. string Maximum length: 35
tos Type of service bit pattern. user Not Specified
tos-mask Type of service evaluated bits. user Not Specified
status Enable/disable this policy route.
enable: Enable this policy route.
disable: Disable this policy route.
option -
comments Optional comments. var-string Maximum length: 255
internet-service-id <id> Destination Internet Service ID.
Destination Internet Service ID.
integer Minimum value: 0 Maximum value: 4294967295
internet-service-custom <name> Custom Destination Internet Service name.
Custom Destination Internet Service name.
string Maximum length: 79