
CLI Reference

system ha-mgmt-router-policy


For a FortiWeb appliance in an HA group, the configurations set by config router policy and config router static are synchronized across all the group members, but the configurations set by HA Mgmt Static Route or HA Mgmt Policy Route are applied only to this specific member.

Use this command to add or delete a policy route that is used only by this HA member. It is useful when you want to connect this cluster member to back-end servers that are not in the server pool of the HA group.

To use this command, your administrator account’s access control profile must have rw or w permission to the sysgrp area. For details, see Permissions.

Syntax

    config system ha-mgmt-router-policy
      edit <policy_index>
        set iif "<incoming_interface_name>"
        set src "<source_ip>"
        set dst "<destination_ip>"
        set oif "<outgoing_interface_name>"
        set gateway "<router_ip>"
        set priority <priority_int>
      next
    end

| Variable | Description | Default |
|---|---|---|
| <policy_index> | Enter the index number of the policy route. The valid range is 0–65,535. | No default. |
| iif "<incoming_interface_name>" | Enter the name of the interface, such as port1, on which FortiWeb receives packets it applies this routing policy to. | No default. |
| src "<source_ip>" | Enter the source IP address and netmask to match, separated with a space. FortiWeb routes matching traffic through the specified interface and gateway. | 0.0.0.0 0.0.0.0 |
| dst "<destination_ip>" | Enter the destination IP address and netmask to match, separated with a space. FortiWeb routes matching traffic through the specified interface and gateway. | 0.0.0.0 0.0.0.0 |
| oif "<outgoing_interface_name>" | Enter the name of the interface, such as port2, through which FortiWeb routes packets that match the specified IP address information. | No default. |
| gateway "<router_ip>" | Enter the IP address of a next-hop router. A gateway address is not required for the particular routing policies used as static routes in a one-arm topology. Leave this blank for a one-arm network topology. | 0.0.0.0 |
| priority <priority_int> | Enter a value between 1 and 200 that specifies the priority of the route. When packets match more than one policy route, FortiWeb directs traffic to the route with the lowest value. | 200 |
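The following Python is an added example, not Fortinet code. It parses a constructed ha-mgmt-router-policy block, applies the defaults and ranges documented above, and reports which route wins when several match, which is useful when auditing member-local routes that are not synchronized to the rest of the HA group. The sample addresses, the matching model (iif plus src/dst containment) and the names parse and select are assumptions; the page does not say how equal priorities are resolved.

```python
import ipaddress
import re

# Constructed sample: one HA member's local policy routes (not from a real device).
SAMPLE = '''
config system ha-mgmt-router-policy
  edit 1
    set iif "port1"
    set src "192.0.2.0 255.255.255.0"
    set dst "198.51.100.0 255.255.255.0"
    set oif "port2"
    set gateway "203.0.113.1"
    set priority 50
  next
  edit 2
    set iif "port1"
    set oif "port3"
    set gateway "203.0.113.254"
  next
end
'''
# Defaults as listed in the Default column of the reference table.
DEFAULTS = {"src": "0.0.0.0 0.0.0.0", "dst": "0.0.0.0 0.0.0.0",
            "gateway": "0.0.0.0", "priority": "200"}

def parse(text):
    """Return {index: settings}, enforcing the documented ranges."""
    routes, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"edit (\d+)", line):
            idx = int(m.group(1))
            if not 0 <= idx <= 65535:
                raise ValueError(f"index {idx} outside 0-65535")
            cur = routes[idx] = dict(DEFAULTS)
        elif (m := re.fullmatch(r'set (\w+) "?([^"]*)"?', line)) and cur is not None:
            cur[m.group(1)] = m.group(2)
    for idx, r in routes.items():
        if not 1 <= int(r["priority"]) <= 200:
            raise ValueError(f"route {idx}: priority outside 1-200")
        for k in ("src", "dst"):  # "ip mask" -> network; rejects stray host bits
            r[k] = ipaddress.ip_network(r[k].replace(" ", "/"))
    return routes

def select(routes, iif, src, dst):
    """Index of the matching route with the lowest priority value, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [i for i, r in routes.items()
            if r.get("iif") == iif and s in r["src"] and d in r["dst"]]
    return min(hits, key=lambda i: int(routes[i]["priority"]), default=None)
```

Route 2 in the sample leaves src, dst and priority unset, so it becomes a catch-all at priority 200 and only takes traffic that the more specific route 1 does not match.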
