groupit
New Member
January 26, 2026
Solved

Recent FortiGate Update 7.4.10 - Static Routes Stopped Working

  • January 26, 2026
  • 2 replies
  • 8164 views

Hi Guys,

My firewall did an update recently from 7.4.9 to 7.4.10 and since then my static routes have stopped working. I have a couple of internal routers that route between different subnets. They were configured a number of years ago, and since then I haven't had any issue with them until now. The routes are very straightforward: Destination (192.168.50.0/24 subnet at other side of router), Gateway (192.168.10.10 router IP), Interface (LAN) (enabled). Clients' gateways are set to the FortiGate device and everything was fine until the update. All clients could reach 192.168.50.x without issue. That's now stopped working. If I add a static route on the clients directly it works fine. So the issue is definitely at the FortiGate. Also, all monitoring of the subnet stopped at the exact time of the update.

Tried removing and re-entering/rebooting, just doesn't want to work.

Anyone got a similar issue/fix?

Many thanks

Best answer by FortiMentor


2 replies

FortiMentor
New Member
January 26, 2026

Hi,

You may be missing a firewall rule that allows data traffic. In firmware 7.4.9, no rule was required for data traffic that was sent in and out on the same interface. In firmware 7.4.10, this behavior seems to have changed. You therefore need a rule that specifies the source and destination interface as LAN.

groupit (Author)
New Member
January 26, 2026

Thanks for the heads up. I looked through the release notes but never found any reference regarding this change. Perhaps I missed it. Thanks again.

FortiMentor
New Member
January 26, 2026

The default setting for allow-traffic-redirect and ipv6-allow-traffic-redirect has been changed from enable to disable.

https://docs.fortinet.com/document/fortigate/7.4.10/fortios-release-notes/230510/changes-in-default-behavior

robert_white909
New Member
January 26, 2026

Why do you think they made the change to disable this by default? I already have policies for one subnet to another, having to create another on its own interface seems redundant. Was this put in place for a fix for the current SSO CVE? It is odd they introduced this now.

FortiMentor
New Member
January 27, 2026

Fortinet wants to increase security by default. When the “allow-traffic-redirect” function is enabled, all traffic to the destination is allowed. When the function is disabled, it ensures that traffic arriving at an interface and forwarded to another router via the same interface requires a firewall policy that explicitly allows this traffic. I don't like the approach of changing the settings after an update and not just when a new firewall configuration is implemented.
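
A pre-upgrade check for the behaviour discussed above, as an added example that is not part of the original thread or Fortinet's tooling: it scans a FortiOS configuration backup for static routes that leave through an interface where clients also sit and reports those with no accept policy covering that interface as both source and destination. Assumptions: a single-VDOM backup, a constructed sample with interface names `lan` and `wan1`, an absent `allow-traffic-redirect` line treated as the new default (disable), and no checking of policy addresses or services.

```python
import re

# Constructed sample in FortiOS backup syntax (single VDOM), modelled on the
# route described in the thread; interface names and policy are assumptions.
SAMPLE = """\
config system global
    set hostname "fw-example"
end
config router static
    edit 1
        set dst 192.168.50.0 255.255.255.0
        set gateway 192.168.10.10
        set device "lan"
    next
end
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
    next
end
"""

def entries(cfg, name):
    """Parse the 'edit' entries of a top-level 'config <name>' table."""
    m = re.search(rf"^config {re.escape(name)}\n(.*?)^end$", cfg, re.M | re.S)
    body = m.group(1) if m else ""
    chunks = re.findall(r"^\s*edit [^\n]*\n(.*?)^\s*next$", body, re.M | re.S)
    return [{k: v.replace('"', "").split()
             for k, v in re.findall(r"^\s*set (\S+) (.+)$", c, re.M)} for c in chunks]

def redirect_enabled(cfg):
    """True only if allow-traffic-redirect is explicitly set to enable."""
    m = re.search(r"^config system global\n(.*?)^end$", cfg, re.M | re.S)
    return bool(m and re.search(r"^\s*set allow-traffic-redirect enable\s*$", m.group(1), re.M))

def unpoliced_hairpin_routes(cfg, client_intfs):
    """Static routes leaving via an interface that also holds clients, with no
    accept policy whose srcintf and dstintf both include that interface."""
    if redirect_enabled(cfg):
        return []
    covered = set()
    for p in entries(cfg, "firewall policy"):
        if p.get("action") == ["accept"]:
            covered |= set(p.get("srcintf", [])) & set(p.get("dstintf", []))
    return [(" ".join(r.get("dst", ["default"])), r["gateway"][0], r["device"][0])
            for r in entries(cfg, "router static")
            if "gateway" in r and r.get("device", [""])[0] in client_intfs - covered]
```

Call `unpoliced_hairpin_routes(config_text, {"lan"})` with the set of interfaces that hold clients; each returned tuple is (destination, gateway, interface) for a route that would need a same-interface policy.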

Jond
New Member
February 5, 2026

That's right. My units delayed 7.4.9->10 but then went crazy for 7.4.11.
When the main one was upgraded, part of my operation went down.
Not impressed.