80shmirgel
New Member
November 14, 2018
Question

Fortigate 1500D v6.x VRF functionality


Dear All,

 

In FortiOS 6.0 a new set of features was introduced:

 

* Static routes and VRFs
* OSPF and VRFs

 

Except for the four-row configuration examples, there is no more detailed information about VRFs.

 

We have a Fortigate 1500D with v6.0.1 build0131 (GA). We would like to use VRF functionality in a single VDOM in order to allow communication between overlapping networks.

 

So far we were able to configure the VRF ID under the interface statement, for example:

 

# show system interface
    edit "vlan601"
        set vdom "Test"
        set vrf 1
        set ip 10.118.88.206 255.255.255.252
        set allowaccess ping
        set device-identification enable
        set snmp-index 51
        set interface "port37"
        set vlanid 601
    next
    edit "vlan602"
        set vdom "Test"
        set vrf 1
        set ip 10.118.88.202 255.255.255.252
        set allowaccess ping
        set device-identification enable
        set snmp-index 53
        set interface "port37"
        set vlanid 602
    next
    edit "vlan611"
        set vdom "Test"
        set ip 10.118.88.210 255.255.255.252
        set allowaccess ping
        set device-identification enable
        set snmp-index 54
        set interface "port37"
        set vlanid 611
    next
end

 

And it is correctly displayed in the routing table list:

 

# get router info routing-table all

Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

C 10.118.88.208/30 is directly connected, vlan611

Routing table for VRF=1
C 10.118.88.200/30 is directly connected, vlan602
C 10.118.88.204/30 is directly connected, vlan601
O 10.118.88.212/32 [110/2] via 10.118.88.201, vlan602, 19:52:58
S 10.118.88.222/32 [10/0] via 10.118.88.205, vlan601

 

It is visible that VRF=0 seems to be the global routing table.

 

But, we are unable to configure VRF under the router static level. There is no such command "set vrf".

 

Is there anybody that tested this feature? Do you know if it will be available also for BGP in the future?

 

Regards,

Shmirgel

    1 reply

    Decsomnus
    New Member
    September 25, 2019

    I don't see the "set vrf" command in the router configuration either. But I don't think the VRF needs to be specified in the router configuration. Once you set the device port for the routing entry, the route will belong to the same VRF that the interface belongs to.

    80shmirgel
    New Member
    February 17, 2020

    @Decsomnus, that's right. I confirm that the VRF ID has to be configured at the interface configuration level. Then, when a static route is created, the route is automatically associated with that VRF because of the interface configuration.

     

    Regards
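
The behaviour confirmed in the replies above, as an added example that is not part of the original thread: a small audit script that resolves each static route to the VRF of its egress interface and checks that the gateway is on-link, which helps verify that overlapping networks stay in the intended VRF. The interface stanzas are trimmed from the post; the static-route stanza is constructed to match the "S" entry in the posted routing table, and the function names are hypothetical.

```python
import ipaddress
import re

# Interface stanzas from the post above, trimmed to the relevant settings.
INTERFACES = '''
edit "vlan601"
    set vrf 1
    set ip 10.118.88.206 255.255.255.252
next
edit "vlan602"
    set vrf 1
    set ip 10.118.88.202 255.255.255.252
next
edit "vlan611"
    set ip 10.118.88.210 255.255.255.252
next
'''

# Constructed "config router static" entry (assumption, not from the post);
# it mirrors the "S 10.118.88.222/32 ... via 10.118.88.205, vlan601" line.
STATIC = '''
edit 1
    set dst 10.118.88.222 255.255.255.255
    set gateway 10.118.88.205
    set device "vlan601"
next
'''

def stanzas(text):
    """Yield (name, {setting: value}) for each edit ... next stanza."""
    for name, body in re.findall(r'edit "?([^"\n]+)"?\n(.*?)\bnext\b', text, re.S):
        yield name.strip(), dict(re.findall(r'set (\S+) (.+)', body))

def route_vrfs(interfaces, static):
    """Return (dst, device, vrf, gateway_on_link) for every static route."""
    ifs = {}
    for name, s in stanzas(interfaces):
        net = ipaddress.ip_interface(s["ip"].replace(" ", "/")).network
        ifs[name] = (int(s.get("vrf", 0)), net)  # no "set vrf" means VRF 0
    result = []
    for _, s in stanzas(static):
        dev = s["device"].strip('"')
        vrf, net = ifs[dev]  # the route inherits the VRF of its device
        dst = ipaddress.ip_network(s["dst"].replace(" ", "/"))
        result.append((str(dst), dev, vrf, ipaddress.ip_address(s["gateway"]) in net))
    return result

if __name__ == "__main__":
    for dst, dev, vrf, on_link in route_vrfs(INTERFACES, STATIC):
        print(f"{dst} via {dev}: VRF {vrf}, gateway on-link: {on_link}")
```

A route whose device has no "set vrf" line resolves to VRF 0, matching the global table shown in the posted output.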