Technical Tip: Link-monitor when failing does not remove routes from routing-table if more than one route is configured

Link monitor is configured as follows, with two routes configured (172.10.0.0/22, 172.17.1.0/24) that would be removed if link-monitor is marked as dead.

config system link-monitor

    edit "LK-MON"

        set srcintf "internal1"

        set server "169.254.10.1" "169.254.10.5"

        set gateway-ip 172.18.1.100

        set route "172.10.0.0/22" "172.17.1.0/24"

        set source-ip 172.18.1.1

    next

end

The routing table shows that both routes are present in the active routing table. 

FGT # get router info routing-table details

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

       O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default

Routing table for VRF=0

S       172.10.0.0/22 [10/0] via 172.18.1.100, internal1, [1/0]

S       172.17.1.0/24 [10/0] via 172.18.1.100, internal1, [1/0]

Once the link-monitor fails, it is expected that these routes are removed from the routing-table.

In the output below, both servers are marked as dead. 

FGT # diagnose sys link-monitor status

Link Monitor: LKM-MON, Status: dead, Server num(2), HA state: local(dead), shared(dead)

Flags=0x1 init, Create time: Thu Aug 18 10:50:29 2025

Source interface: internal1 (7)

Source IP: 172.18.1.1

Gateway: 172.18.1.100

Monitor subnet(3): 172.10.0.0/22 172.17.1.0/24

Interval: 500 ms

Service-detect: disable

Diffservcode: 000000

Class-ID: 0

  Peer: 169.254.10.1(169.254.10.1)

        Source IP(172.18.1.1)

        Route: 172.18.1.1->169.254.10.1/32, gwy(172.18.1.100)

        protocol: ping, state: dead

                Packet lost: 100.000%

                Number of out-of-sequence packets: 0

                Recovery times(0/5) Fail Times(1/5)

                Packet sent: 632, received: 0, Sequence(sent/rcvd/exp): 633/0/0

  Peer: 169.254.10.5(169.254.10.5)

        Source IP(172.18.1.1)

        Route: 172.18.1.1->169.254.10.5/32, gwy(172.18.1.100)

        protocol: ping, state: dead

                Packet lost: 100.000%

                Number of out-of-sequence packets: 0

                Recovery times(0/5) Fail Times(0/5)

                Packet sent: 632, received: 151, Sequence(sent/rcvd/exp): 633/152/153

The routes are still present in the routing table and have not been removed, even with the health check failing.

FGT # get router info routing-table details

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

       O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default

Routing table for VRF=0

S       172.10.0.0/22 [10/0] via 172.18.1.100, internal1, [1/0]

S       172.17.1.0/24 [10/0] via 172.18.1.100, internal1, [1/0]

This is resolved in v7.2.5 onwards. Versions before v7.2.5 may still be affected by this issue. 

Related document:

Resolved issues