This article describes the FortiOS routing logic that applies when multiple default routes through different routing protocols are used.
FortiOS 5.x, 6.x and 7.x.
The following diagram illustrates a typical topology in which a client behind the Spoke FortiGate can reach a server via two possible links:
The options are as follows:
A) Routing through a default static route towards FGT-1.
B) Routing through the OSPF default route advertised through FGT-2.
In this case, the FortiGate administrator's goal is to load balance traffic across both links at the same time, so the Administrative Distance (AD) of the static route has been set to 110 to equal that of the OSPF route:
config router static
    edit <seq-num>
        set gateway 10.10.10.10
        set distance 110
        set device "wan1"
    next
end
Issuing the command get router info routing-table all on the Spoke FortiGate will produce an output similar to the following:
Routing table for VRF=0
S    *> 0.0.0.0/0 [110/0] via 10.10.10.10, wan1
O E2    0.0.0.0/0 [110/1] via 172.16.1.1, wan2
Note: Only one protocol's route to the same destination will be processed by the kernel at the same time. As a result, FortiOS will choose to route packets through the static default route, and will only use the OSPF default route when the wan1 link becomes inactive.
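The check below is an added example, not part of the original article or Fortinet tooling: it parses routing-table output in the layout shown above and reports destinations where routes from different protocols share the same administrative distance, listing which link is active and which is only standby. It assumes one route per line and that the `*>` marker identifies the selected route; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the article's routing table, laid out one route per line.
SAMPLE = """\
Routing table for VRF=0
S    *> 0.0.0.0/0 [110/0] via 10.10.10.10, wan1
O E2    0.0.0.0/0 [110/1] via 172.16.1.1, wan2
"""

# Protocol code, optional subtype (e.g. E2), optional "*>" marker (assumed to
# mean "selected"), prefix, [distance/metric], gateway, outgoing device.
ROUTE = re.compile(
    r"^(?P<proto>[A-Z])\s+(?:(?P<sub>[A-Z][A-Z0-9]?)\s+)?(?P<sel>\*?>)?\s*"
    r"(?P<prefix>\d+(?:\.\d+){3}/\d+)\s+\[(?P<dist>\d+)/(?P<metric>\d+)\]"
    r"\s+via\s+(?P<gw>[\d.]+),\s+(?P<dev>\S+)")

def parse_routes(text):
    """Return one dict per route line; header and unrelated lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["dist"], r["metric"] = int(r["dist"]), int(r["metric"])
        r["active"] = r.pop("sel") is not None
        routes.append(r)
    return routes

def cross_protocol_ties(routes):
    """Find prefixes where different protocols tie on distance.

    Per the article, such a tie is not load balanced: only one protocol's
    route forwards traffic and the other is used when that link goes down.
    """
    groups = defaultdict(list)
    for r in routes:
        groups[(r["prefix"], r["dist"])].append(r)
    findings = []
    for (prefix, dist), group in groups.items():
        if len({r["proto"] for r in group}) > 1:
            findings.append({
                "prefix": prefix, "distance": dist,
                "active": [r["dev"] for r in group if r["active"]],
                "standby": [r["dev"] for r in group if not r["active"]]})
    return findings

if __name__ == "__main__":
    for f in cross_protocol_ties(parse_routes(SAMPLE)):
        print(f"{f['prefix']} distance {f['distance']}: "
              f"active={f['active']} standby={f['standby']} (no load balancing)")
```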