FortiOS 5.0 supports authentication-based routing by creating an identity-based route that associates a user group with one or more routes. This identity-based route is then added to a security policy and all traffic from users authenticated by this user group is routed to the gateway. This feature is configured from the CLI and can be useful for MSSPs who need to route users from different organizations to different Internet gateways.

Enter the following command to add an identity-based route that routes all traffic from users in the company1-user-group and the company2-user-group user groups out the wan1 interface to a next-hop router with IP address 172.20.120.2:

Enter the following command to add the identity-based route to a security policy: