Fortinet black logo

CLI Reference

config router policy

config router policy

Configure IPv4 routing policies.

config router policy

Description: Configure IPv4 routing policies.

edit <seq-num>

set input-device <name1>, <name2>, ...

set input-device-negate [enable|disable]

set src <subnet1>, <subnet2>, ...

set srcaddr <name1>, <name2>, ...

set src-negate [enable|disable]

set dst <subnet1>, <subnet2>, ...

set dstaddr <name1>, <name2>, ...

set dst-negate [enable|disable]

set action [deny|permit]

set protocol {integer}

set start-port {integer}

set end-port {integer}

set start-source-port {integer}

set end-source-port {integer}

set gateway {ipv4-address}

set output-device {string}

set tos {user}

set tos-mask {user}

set status [enable|disable]

set comments {var-string}

set internet-service-id <id1>, <id2>, ...

set internet-service-custom <name1>, <name2>, ...

next

end

config router policy

Parameter

Description

Type

Size

Default

input-device <name>

Incoming interface name.

Interface name.

string

Maximum length: 79

input-device-negate

Enable/disable negation of input device match.

option

-

disable

Option

Description

enable

Enable negation of input device match.

disable

Disable negation of input device match.

src <subnet>

Source IP and mask (x.x.x.x/x).

IP and mask.

string

Maximum length: 79

srcaddr <name>

Source address name.

Address/group name.

string

Maximum length: 79

src-negate

Enable/disable negating source address match.

option

-

disable

Option

Description

enable

Enable source address negation.

disable

Disable source address negation.

dst <subnet>

Destination IP and mask (x.x.x.x/x).

IP and mask.

string

Maximum length: 79

dstaddr <name>

Destination address name.

Address/group name.

string

Maximum length: 79

dst-negate

Enable/disable negating destination address match.

option

-

disable

Option

Description

enable

Enable destination address negation.

disable

Disable destination address negation.

action

Action of the policy route.

option

-

permit

Option

Description

deny

Do not search policy route table.

permit

Use this policy route for forwarding.

protocol

Protocol number .

integer

Minimum value: 0 Maximum value: 255

0

start-port

Start destination port number .

integer

Minimum value: 0 Maximum value: 65535

0

end-port

End destination port number .

integer

Minimum value: 0 Maximum value: 65535

65535

start-source-port

Start source port number .

integer

Minimum value: 0 Maximum value: 65535

0

end-source-port

End source port number .

integer

Minimum value: 0 Maximum value: 65535

65535

gateway

IP address of the gateway.

ipv4-address

Not Specified

0.0.0.0

output-device

Outgoing interface name.

string

Maximum length: 35

tos

Type of service bit pattern.

user

Not Specified

tos-mask

Type of service evaluated bits.

user

Not Specified

status

Enable/disable this policy route.

option

-

enable

Option

Description

enable

Enable this policy route.

disable

Disable this policy route.

comments

Optional comments.

var-string

Maximum length: 255

internet-service-id <id>

Destination Internet Service ID.

Destination Internet Service ID.

integer

Minimum value: 0 Maximum value: 4294967295

internet-service-custom <name>

Custom Destination Internet Service name.

Custom Destination Internet Service name.

string

Maximum length: 79

config router policy

Configure IPv4 routing policies.

config router policy

Description: Configure IPv4 routing policies.

edit <seq-num>

set input-device <name1>, <name2>, ...

set input-device-negate [enable|disable]

set src <subnet1>, <subnet2>, ...

set srcaddr <name1>, <name2>, ...

set src-negate [enable|disable]

set dst <subnet1>, <subnet2>, ...

set dstaddr <name1>, <name2>, ...

set dst-negate [enable|disable]

set action [deny|permit]

set protocol {integer}

set start-port {integer}

set end-port {integer}

set start-source-port {integer}

set end-source-port {integer}

set gateway {ipv4-address}

set output-device {string}

set tos {user}

set tos-mask {user}

set status [enable|disable]

set comments {var-string}

set internet-service-id <id1>, <id2>, ...

set internet-service-custom <name1>, <name2>, ...

next

end

config router policy

Parameter

Description

Type

Size

Default

input-device <name>

Incoming interface name.

Interface name.

string

Maximum length: 79

input-device-negate

Enable/disable negation of input device match.

option

-

disable

Option

Description

enable

Enable negation of input device match.

disable

Disable negation of input device match.

src <subnet>

Source IP and mask (x.x.x.x/x).

IP and mask.

string

Maximum length: 79

srcaddr <name>

Source address name.

Address/group name.

string

Maximum length: 79

src-negate

Enable/disable negating source address match.

option

-

disable

Option

Description

enable

Enable source address negation.

disable

Disable source address negation.

dst <subnet>

Destination IP and mask (x.x.x.x/x).

IP and mask.

string

Maximum length: 79

dstaddr <name>

Destination address name.

Address/group name.

string

Maximum length: 79

dst-negate

Enable/disable negating destination address match.

option

-

disable

Option

Description

enable

Enable destination address negation.

disable

Disable destination address negation.

action

Action of the policy route.

option

-

permit

Option

Description

deny

Do not search policy route table.

permit

Use this policy route for forwarding.

protocol

Protocol number .

integer

Minimum value: 0 Maximum value: 255

0

start-port

Start destination port number .

integer

Minimum value: 0 Maximum value: 65535

0

end-port

End destination port number .

integer

Minimum value: 0 Maximum value: 65535

65535

start-source-port

Start source port number .

integer

Minimum value: 0 Maximum value: 65535

0

end-source-port

End source port number .

integer

Minimum value: 0 Maximum value: 65535

65535

gateway

IP address of the gateway.

ipv4-address

Not Specified

0.0.0.0

output-device

Outgoing interface name.

string

Maximum length: 35

tos

Type of service bit pattern.

user

Not Specified

tos-mask

Type of service evaluated bits.

user

Not Specified

status

Enable/disable this policy route.

option

-

enable

Option

Description

enable

Enable this policy route.

disable

Disable this policy route.

comments

Optional comments.

var-string

Maximum length: 255

internet-service-id <id>

Destination Internet Service ID.

Destination Internet Service ID.

integer

Minimum value: 0 Maximum value: 4294967295

internet-service-custom <name>

Custom Destination Internet Service name.

Custom Destination Internet Service name.

string

Maximum length: 79