Exam FCSS_NST_SE-7.6 Topic 4 Question 30 Discussion

To determine the path the traffic will take, we must look at the FortiGate Route Lookup Precedence (Packet Processing Flow) and the specific configurations shown in the exhibit
* Analyze the Routing Precedence:
* In FortiOS, when a packet arrives (and is not part of an existing session), the FortiGate performs route lookups in a specific order:
* Policy Routes: Configured under config router policy (or diagnose firewall proute list).
These are checked first. If a packet matches the criteria (Source, Destination, Protocol, Incoming Interface), the Policy Route is used immediately, bypassing the standard routing table.
* FIB (Forwarding Information Base): If no Policy Route matches, the device looks at the standard routing table (Static, Connected, Dynamic).
* Analyze the Exhibit:
* Policy Route Section: The output of diagnose firewall proute list shows an active policy route ( id=1).
* Destination: 100.65.0.0/255.255.255.0 (Matches the network in the question).
* Action: It directs traffic to gateway 10.0.4.253 via oif=6(port4).
* Routing Table Section: The output of get router info routing-table database shows multiple routes for 100.65.0.0/24 (Static, OSPF, BGP) all with distance 10. The Static route (S) is currently selected (*>) in the FIB.
* Conclusion:
* Because Policy Routes take precedence over the standard routing table (FIB), the FortiGate will forward the traffic using the instructions in Policy Route ID 1. It will not use the Static, BGP, or OSPF routes visible in the routing table for any traffic that matches the policy route's criteria (ingress port 3).
Reference:
FortiGate Security 7.6 Study Guide (Routing): "Policy routes take precedence over entries in the routing table. If a packet matches a policy route, the FortiGate routes the packet according to the specified interface and gateway."