AlexC-FTNT
Staff
Article Id 310902
Description

 

This article describes how to change the order of the rules in the route-map setup. 

A route map may have multiple rules that are processed from the top down, so the order of the rules is important.

 

Scope

 

FortiOS.

 

Solution

 

New rules in a route map need to be placed in the correct order for desired results.

Unfortunately, once a sequence of rules exists, a new rule is appended to the end of the list in the configuration, regardless of the ID assigned to it. This is only a visual 'issue', since the processing order is dictated by the rule ID; it is purely cosmetic and does not affect the function of the device.

This article describes how to correct this visual issue in the configuration. Functionally, it needs no correction.

 

For example: 

There is a need to add a new rule, placed in the 2nd position, to the existing rules: 10, 20, 30, 40.

The desired new rule sequence would be 10, 15, 20, 30, 40.

Adding a new rule 15 in the CLI will place it in the configuration at the bottom of the list, so the outcome will be 10, 20, 30, 40, 15.

However, as confirmed by developers, the rules are sorted by ID before they are sent to the routing engine, so they will be applied in the correct order:

10, 15, 20, 30, 40

 

show

config router route-map
    edit "MyRouteMap"
        config rule
            edit 10
                set match-ip-address "Test1"
                set set-local-preference 100
            next
            edit 20
                set match-ip-address "Test2"
                set set-local-preference 100
            next
            edit 30
                set match-ip-address "Test3"
                set set-local-preference 200
            next
            edit 40
                set match-ip-address "Test4"
                set set-local-preference 50
            next
            edit 15
                set set-local-preference 100
            next
        end
    next
end

 

To correct this (in the configuration only, and for visual clarity) and place rule 15 in the second position, the existing rules must first be deleted and the configuration saved (end). Deleting the existing rules and saving disrupts traffic, so this must be performed during a maintenance window.

 

The option to 'move' one rule above another does not exist (in the way that it is possible to do this with the firewall policies), because the rules are automatically sorted by ID, and applied from top (lowest ID) to bottom (highest ID).

The fastest way to achieve the desired result is to use a text editor to arrange the rules in the desired position prior to applying them in the FortiOS config.
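As an added example (not from this article or FortiOS itself), the following Python script does the text-editor step automatically: it parses a route-map block like the one shown above, then prints the CLI described in this article, deleting the existing rules, saving with end, and re-adding them sorted by ID. The route-map name, rule IDs and set lines in SAMPLE_CONFIG are a constructed sample.

```python
import re
# Constructed sample (not from the article): rule 15 was added last, so it appears after 20.
SAMPLE_CONFIG = """\
config router route-map
    edit "MyRouteMap"
        config rule
            edit 10
                set match-ip-address "Test1"
                set set-local-preference 100
            next
            edit 20
                set match-ip-address "Test2"
                set set-local-preference 100
            next
            edit 15
                set set-local-preference 100
            next
        end
    next
end
"""

def parse_rules(config_text):
    """Return (map_name, [(rule_id, [set lines]), ...]) in the order the rules appear."""
    name = re.search(r'^\s*edit\s+"([^"]+)"', config_text, re.M).group(1)
    rules, current, in_rules = [], None, False
    for line in config_text.splitlines():
        s = line.strip()
        if s == "config rule":
            in_rules = True
        elif s == "end":                      # closes the rule table
            in_rules = False
        elif in_rules and re.fullmatch(r"edit \d+", s):
            current = (int(s.split()[1]), [])
            rules.append(current)
        elif in_rules and s.startswith("set "):
            current[1].append(s)
    return name, rules

def reorder_script(config_text):
    """Emit CLI that deletes the existing rules, saves (end), then re-adds them sorted by ID."""
    name, rules = parse_rules(config_text)
    head = ["config router route-map", f'    edit "{name}"', "        config rule"]
    tail = ["        end", "    next", "end"]
    out = head + [f"            delete {rid}" for rid, _ in rules] + tail
    out += head                               # second block re-creates the rules in ID order
    for rid, sets in sorted(rules, key=lambda r: r[0]):
        out += [f"            edit {rid}"] + [f"                {s}" for s in sets] + ["            next"]
    out += tail
    return "\n".join(out)
```

Between the first end and the second block the route map has no rules, which is the traffic disruption the maintenance-window requirement above refers to.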

 

Related articles:

Route maps - FortiGate administration guide.
