Key concepts : Sequence of packet routing evaluation
Sequence of packet routing evaluation
FortiADC appliances consider routing rules for a packet in the following order of evaluation. To understand the evaluation sequence, read from the top of the table (the first rule) towards the bottom (the last rule). Disabled/un-configured rules are skipped. FortiADC will apply the first matching rule.
For example, when a packet is ready to leave the FortiADC appliance, if no content routing is specified (“Routing based on the application layer”), FortiADC next evaluates for a matching route beginning at the top of the policy route list (“Policy routes”). If the attributes of a packet match all the specified conditions, and if a gateway is specified, the FortiADC appliance routes the packet through the specified interface, towards the gateway. If no policy route matches the packet, then the FortiADC appliance searches the static routing table for a match (see “Adding a gateway”).
Table 1: Execution sequence (web protection profile)
Content routes
URL or Host: field in the HTTP header
Policy routes
SRC and/or DST of the IP layer
Static route
DST of the IP layer