As of FortiOS 5.x, our policy-based routing supports matching the following attributes to determine which output-device to use when starting a session and routing packets:
- src ip and mask
- dst ip and mask
- protocol, and if set, src and dst port ranges
- tos bit and mask
However, in practical situations, it seems that it would be very valuable to be able to do policy-based routing based on other attributes of the session, such as FQDN destination (exch-cas.fortinet.com) or Application Control (Dropbox, Netflix, Skype).
For example, in many newer types of topologies, businesses have an unmetered connection such as T1, MPLS, DSL or Cable Modem coupled with a metered mobile connection such as 3G, 4G/LTE or other metro wireless connection. In these topologies, users may prefer that certain types of traffic go over the unmetered connection when possible, and then when not possible, optionally go over the metered connection. One example: large retail chains who offer guest wifi want to make certain bandwidth-excessive applications go over unmetered links and not incur extra costs on metered links.
Is there a technology reason why policy-based routing with FQDN or app control isn't supported? For example, I can guess that it takes a few packets to determine what the application is, and some applications might break if the connection gets established and starts off on the dmz port and then policy routing somehow takes over and says it needs to go over wan1.