An administrator configures a policy route to force traffic from a specific source subnet to use a particular WAN interface. After applying the configuration, the traffic still uses the default route. What is the most likely cause?
Policy routes match based on incoming interface; if the traffic enters on a different interface, the policy route is not applied.
Why this answer
Policy routes are evaluated based on the incoming interface specified in the rule. If the incoming interface is misconfigured (e.g., set to 'any' or the wrong physical interface), the FortiGate will not match the traffic against the policy route, causing it to fall through to the routing table and use the default route. The policy route must explicitly match the interface on which the traffic enters the FortiGate.
Exam trap
The trap here is that candidates often confuse policy routes with static routes or assume that a policy route applies globally, when in fact the incoming interface is a critical matching condition that must be correctly configured for the policy to take effect.
How to eliminate wrong answers
Option A is wrong because administrative distance applies to routes in the routing table, not to policy routes; policy routes override the routing table regardless of administrative distance.
Option B is wrong because, while VDOM misplacement can cause policy routes to not apply, the question states the configuration was applied, and VDOM issues would typically prevent the policy from being created or visible rather than cause it to be silently ignored.
Option D is wrong because policy routes do not have a 'priority' value relative to static routes; they are evaluated before the routing table lookup, and if the incoming interface matches, the policy route is used unconditionally.