Skip to main content
v20100
v20100
New Member
October 11, 2016
Question

Adding Static routes by Named Address

  • October 11, 2016
  • 2 replies
  • 20927 views

Hi

For IPsec Tunnel routes, I would like to add the destination information with Named Address, as I already created groups addresses containing various subnets and hosts.

However, it only shows the addresses for our internal vlan no other groups and nothing can be added from here.

 

Not sure if it is a problem with the web interface or if I need to create the groups somewhere else (been created in Policy & Objects) but it would be great if that worked instead of having to create all the routes separately by Subnet

 

Thanks

    2 replies

    MikePruett
    MikePruett
    New Member
    October 13, 2016

    Interface based VPN?

     

    You are wanting to do routes based strictly on the named subnets? I always (if interface based ipsec) put a static route utilizing the subnets in question.

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    October 13, 2016

    Should work in v5.4.x

    Are the addresses by chance tied to an interface (other than "Any")?

    v20100
    v20100Author
    New Member
    October 13, 2016

    Thanks both. Some clarifications: some IPsec sites have numerous subnets. I created the objects for each subnets and an object group containing the subnets objects.

    When it comes to adding the static routes, instead of having to manually re-enter all the routes manually for each subnet, I thought that the 'Named Address' tab was exactly for that, as we already have a group defined.

    @ede_pfau: we are in 5.4

    The only addresses that show up when using the Named Address tab are for our internal Vlan and yes they have the LAN (port1) interface set.

    I then tried to create a new object and assigned the VPN for interface but it still does not appear in the Named Address tab. but I am also after the Address group not an object only. When I create an address group that contains the object with the VPN for interface, it complains with "One or more members are associated with an interface, etc...

    So back to square one.

    It is a shame it is not much easier to setup a site to site VPN!

    FortiRican
    FortiRican
    New Member
    August 23, 2022

    You need to make sure in "Policy & Objects -> Addresses" the "Static route configuration" is enabled as well as in the "Address Group". Then it will show in the Static Route list.

    Terms & ConditionsAccessibility statement