Policy Lookup allows administrators to search for policies on a FortiGate device (or VDOM) based on certain input parameters. The input parameters simulate a packet received on FortiGate, and return the matching policy that would be triggered for it. This feature helps administrators troubleshoot issues and test new policies that they are creating.
Route Lookup allows administrators to similarly test a routing decision by specifying similar types of input parameters. Both policy routing and normal routing are consulted for the decision.
The policy and route lookup features are both invoked using the FortiGate API, as they require the real-time state of the FortiGate.
- Go to Policy & Objects > Policy Packages.
- In the tree menu, select a policy package then a policy type, such as IPv4 Policy.
- Click Policy Lookup in the toolbar.
The IPv4 Policy lookup from remote device dialog box opens.
- Fill in the required information, then click OK.
The matching policy entry, learned from the remote FortiGate, will be highlighted in the policy list.
- Go to Device Manager, and open a synchronized, managed device.
- Go to Query > Routing.
- Click Route Lookup in the toolbar.
The Route Lookup dialog box opens.
- Select IPv4 or IPv6, enter the destination address, then click OK.
A pop-up will show the show the route information from the FortiGate, and the route will be highlighted in the routing table.