Dopin
New Member
May 7, 2015
Solved

Static route using discontinuous subnet mask

  • May 7, 2015
  • 3 replies
  • 8202 views

Hi

 

Does anyone know if FortiOS supports discontinuous subnet masks like 10.0.128.0/255.0.255.0? Our networking team makes use of discontinuous masks since our Cisco switch supports them, but I can't find any information about this in the FortiOS documentation.

 

Thanks

Dominic


    emnoc (Answer)
    New Member
    May 7, 2015

    10.0.128.0/255.0.255.0

     

    The above would be an invalid mask in Cisco IOS. Can you care to explain what you're talking about? Is this maybe a confusion with ACL masks/wildcards? I think you're confusing ACLs and routes.

     

    Dopin (Author)
    New Member
    May 11, 2015

    You're right. My networking guy confused me about using discontinuous masks. He was talking about ACLs and not routes. So here is exactly why I was asking that question at first. We have multiple distributions and each of them is using a /16 subnet (e.g., Dist A = 10.1.0.0/16, Dist B = 10.2.0.0/16). They are part of the default routing instance in the Cisco switch, which is connected to the inside interface of our FortiGate. Each of those distributions has a reserved subnet for servers (e.g., Dist A = 10.1.240.0/20, Dist B = 10.2.240.0/20) which is part of a distinct routing instance (VRF2) in our Cisco switch, which is connected to the server interface of our FortiGate. Is there a way to create a single static route to point all those subnets to the server interface? That's why I talked about using a discontinuous mask.

     

    Dominic

     

    emnoc
    New Member
    May 11, 2015

    Okay, I don't quite understand. The /20s you listed are included in DIST-A and DIST-B; if they are not reachable via the same gateway, just place the most specific entry/next-hop for these server instances.

     

    If you could draft a topology map, please do so. Keep one thought in mind, though:

    "you can't overlap interface addresses in the same VDOM"

     

    E.g.

    config sys int
        edit port1
            set ip 10.1.0.1/16
            set vdom root
        next
        edit port2
            set ip 10.1.11.1/30
            set vdom root
    end


    Dopin (Author)
    New Member
    May 11, 2015

     

    emnoc
    New Member
    May 11, 2015

    I don't know what your question is now. Your network topology looks... well, great.

     

     

    You can't really summarize the /18s and larger. In your case the 10.0.0.0/14 would catch all on the left side, and then your server distribution with the 3x /20s is all that you need. You can't install a variable mask for these networks, if that was your original question.

    Ideally, I would have done something like install the server-farm networks in, let's say, a 10.4.0.0/16 and skip the discontiguous setup that you have altogether. It's like you have to go to an ARIN or equal to justify the utilizations ;) Just something to think about.

     

    But like I said earlier. It (network) looks great and simple.
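
The routing behaviour discussed in this thread, as an added Python example that is not part of the thread and was not posted by any participant: it checks whether a mask is contiguous, shows that the only single prefix covering the server /20s is the whole 10.0.0.0/14, and shows longest-prefix match steering the /20s to the server interface. The third /20 (10.3.240.0/20) and the labels `inside` and `server` are assumptions, since the thread names only Dist A and Dist B.

```python
import ipaddress

def is_contiguous_mask(mask: str) -> bool:
    """True if the dotted mask is a run of 1-bits followed only by 0-bits."""
    m = int(ipaddress.IPv4Address(mask))
    inverted = ~m & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, so it shares no bits with inverted + 1.
    return (inverted & (inverted + 1)) == 0

def smallest_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def lookup(routes, dst: str) -> str:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed table: one summary for the distributions, one /20 per server block.
# 10.3.240.0/20 is an assumed third block; only the first two appear in the thread.
SERVER_NETS = [ipaddress.ip_network(n)
               for n in ("10.1.240.0/20", "10.2.240.0/20", "10.3.240.0/20")]
ROUTES = [(ipaddress.ip_network("10.0.0.0/14"), "inside")]
ROUTES += [(net, "server") for net in SERVER_NETS]

if __name__ == "__main__":
    print("255.0.255.0 contiguous:", is_contiguous_mask("255.0.255.0"))
    print("single covering prefix:", smallest_supernet(SERVER_NETS))
    for dst in ("10.1.5.5", "10.1.240.10", "10.2.255.254", "10.3.239.255"):
        print(f"{dst:>14} -> {lookup(ROUTES, dst)}")
```

Because the single covering prefix is the same /14 that already points at the inside interface, the per-block /20 routes are what keep server-bound traffic on the server interface and its firewall policies.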