ciordan
Staff
September 26, 2019

Technical Tip: How to add Named address objects or Named address groups in the Static Routes


Description

 

This article describes how to configure a static route with Named address objects or Named address groups.

 

Scope

 

FortiGate.


Solution

 

Configure an address object through the GUI under Policy & Objects -> Addresses, specifying the name, type, and subnet. Make sure to have the option 'Static route configuration' or 'Routing configuration' enabled, as this option will allow this Named address object to be used as a destination in static routes configuration.

 

GUI view:

  • In FortiOS v7.4.x and below, enable the 'Static route configuration' option while creating an address object and address group.

 


 

  • In FortiOS v7.6.x and above, enable the 'Routing configuration' option while creating an address object and address group.
 


 

CLI view:
 
config firewall address
    edit "Test_Address_Object"
        set uuid bc6f2364-f3b1-51f0-d076-f55395a71975
        set allow-routing enable       <-- Important to enable this configuration.
        set subnet 10.10.10.0 255.255.255.0
    next
end
 
Configure an address group in the GUI under Policy & Objects, specifying the name and the members:
 
CLI view: 
 
config firewall addrgrp
    edit "Test_Address_Group"
        set allow-routing enable      <-- Important to enable this configuration.
        set member "Test_Address_Object"
        set uuid 0fb59cd2-f3b3-51f0-ad39-1d2c3a984efa
    next
end
 
Now, when a static route is configured, the named address object and the named address group are available for selection as the destination.
 
 
CLI view:

 

lab # config router static

lab (static) # edit 10
new entry '10' added

 

lab (10) # set dstaddr
<string> please input string value
Test_Address_Object address        <--- Available address object.
Test_Address_Group addrgrp         <--- Available address group.
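
As an added example (not Fortinet's code and not part of the original article), the Python script below pre-checks a CLI script before it is applied to a FortiGate: it reports every static route whose dstaddr names an address object or address group that does not have allow-routing enabled, or that is not defined at all. The sample configuration, the "Legacy_Net" object and the route IDs are constructed, and the parser assumes flat config/edit/set blocks only.

```python
import shlex
# Constructed sample in FortiOS CLI syntax; "Legacy_Net" and the route IDs are made up.
SAMPLE_CONFIG = '''
config firewall address
    edit "Test_Address_Object"
        set allow-routing enable
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "Legacy_Net"
        set subnet 10.20.0.0 255.255.0.0
    next
end
config firewall addrgrp
    edit "Test_Address_Group"
        set allow-routing enable
        set member "Test_Address_Object"
    next
end
config router static
    edit 10
        set dstaddr "Test_Address_Group"
    next
    edit 11
        set dstaddr "Legacy_Net"
    next
end
'''

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            section, entry = cfg.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return cfg

def unroutable_dstaddr(text):
    """Return (route_id, name) pairs whose dstaddr object lacks allow-routing enable."""
    cfg = parse(text)
    objects = {**cfg.get("firewall address", {}), **cfg.get("firewall addrgrp", {})}
    return [(rid, name) for rid, route in cfg.get("router static", {}).items()
            for name in route.get("dstaddr", [])
            if objects.get(name, {}).get("allow-routing") != ["enable"]]

print(unroutable_dstaddr(SAMPLE_CONFIG))  # route 11 is flagged, route 10 is not
```
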

 

From FortiOS v7.4.0, it is possible to define a preferred source IP for static routes to control the source IP used for local-out traffic. This setting allows better control over the source IP on egress interfaces, making it feasible to use a specified IP instead of the default interface IP.

config router static
    edit <id>
        set preferred-source <ip_address>
    next
end

This configuration allows local-out traffic using the static route to use the preferred source IP instead of the IP associated with the egress interface.

Verification:


get router info routing-table details 10.0.0.0

Routing table for VRF=0
Routing entry for 10.0.0.0/24
Known via "static", distance 10, metric 0, best
* vrf 0 192.168.1.1, via port1

 

Related articles:

Technical Tip: Unable to add the addresses objects on the address group.

Technical Tip: Configuring preferred-source in source IP for local-out traffic