Fortinet FortiGate 4000 Benutzerhandbuch
162
Fortinet Inc.
Configuring DHCP services
Network configuration
Using policy routing you can build a routing policy database (RPDB) that selects the
appropriate route for traffic by applying a set of routing rules. To select a route for
traffic, the FortiGate unit matches the traffic with the policy routes added to the RPDB
starting at the top of the list. The first policy route that matches is used to set the route
for the traffic. The route supplies the next hop gateway as well as the FortiGate
interface to be used by the traffic.
appropriate route for traffic by applying a set of routing rules. To select a route for
traffic, the FortiGate unit matches the traffic with the policy routes added to the RPDB
starting at the top of the list. The first policy route that matches is used to set the route
for the traffic. The route supplies the next hop gateway as well as the FortiGate
interface to be used by the traffic.
Packets are matched with policy routes before they are matched with destination
routes. If a packet does not match a policy route, it is routed using destination routes.
routes. If a packet does not match a policy route, it is routed using destination routes.
The gateway added to a policy route must also be added to a destination route. When
the FortiGate unit matches packets with a route in the RPDB, the FortiGate unit looks
in the destination routing table for the gateway that was added to the policy route. If a
match is found, the FortiGate unit routes the packet using the matched destination
route. If a match is not found, the FortiGate unit routes the packet using normal
routing.
the FortiGate unit matches packets with a route in the RPDB, the FortiGate unit looks
in the destination routing table for the gateway that was added to the policy route. If a
match is found, the FortiGate unit routes the packet using the matched destination
route. If a match is not found, the FortiGate unit routes the packet using normal
routing.
To find a route with a matching gateway, the FortiGate unit starts at the top of the
destination routing table and searches until it finds the first matching destination route.
This matched route is used to route the packet.
destination routing table and searches until it finds the first matching destination route.
This matched route is used to route the packet.
Policy routing command syntax
Configure policy routing using the following CLI command.
set system route policy <route_int> src <source_ip>
<source_mask> iifname <source-interface_name>
dst <destination_ip> <destination_mask>
oifname <destination-interface_name> protocol <protocol_int>
port <low-port_int> <high-port_int> gw <gateway_ip>
Complete policy routing command syntax is described in Volume 6: FortiGate CLI
Reference Guide.
<source_mask> iifname <source-interface_name>
dst <destination_ip> <destination_mask>
oifname <destination-interface_name> protocol <protocol_int>
port <low-port_int> <high-port_int> gw <gateway_ip>
Complete policy routing command syntax is described in Volume 6: FortiGate CLI
Reference Guide.
Configuring DHCP services
You can configure DHCP server or DHCP relay agent functionality on any FortiGate
interface.
interface.
A FortiGate interface can act as either a DHCP server or as a DHCP relay agent. An
interface cannot provide both functions.
interface cannot provide both functions.
This section describes the following:
•
•
Note: To configure DHCP server or DHCP relay functionality on an interface, the FortiGate unit
must be in NAT/Route mode and the interface must have a static IP address.
must be in NAT/Route mode and the interface must have a static IP address.