Description

This article describes the FortiOS routing logic that applies when multiple default routes through different routing protocols are used.

Scope

FortiOS 5.x, 6.x and 7.x.

The following diagram illustrates a typical topology in which a client behind Spoke FortiGate can reach a server via two possible links:




The options are as follows:

A) Routing through a default static route towards FGT-1.

B) Routing through the OSPF default route advertised through FGT-2.


The FortiGate administrator's goal in this case is to load balance traffic across both links at the same time, so the Administrative Distance (AD) of the static route was set to 110 to make it equal to that of the OSPF route:


# config router static
    edit X
        set gateway
        set distance 110
        set device "wan1"
    next
end




Running the command 'get router info routing-table all' on the Spoke FortiGate produces output similar to the following:


Routing table for VRF=0
S *> [110/0] via, wan1
O E2 [110/1] via, wan2


Note: Only one protocol's route to the same destination will be processed by the kernel at the same time. As a result, FortiOS will choose to route packets through the static default route, and will only use the OSPF default route when the wan1 link becomes inactive.
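
The check below is an added example, not Fortinet code: it parses routing-table output in the layout shown above and reports prefixes where routes from different protocols share the same distance but only some carry the '*>' marker, which is the failover-only situation the note describes. The prefix and gateway addresses in the sample are constructed documentation values, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown above; the prefix and gateways are
# documentation addresses added for this example (assumptions).
SAMPLE = """\
Routing table for VRF=0
S    *> 0.0.0.0/0 [110/0] via 192.0.2.1, wan1
O E2    0.0.0.0/0 [110/1] via 198.51.100.1, wan2
"""

# "[distance/metric] via <gateway>, <device>"; the gateway may be missing.
TAIL = re.compile(r"\[(\d+)/(\d+)\]\s+via\s*[\d.]*,\s*(\S+)")
PREFIX = re.compile(r"\d+(?:\.\d+){3}/\d+")

def parse_routes(text):
    """Return one dict per next hop; lines without [AD/metric] are skipped."""
    routes, last = [], None
    for line in text.splitlines():
        tail = TAIL.search(line)
        if not tail:
            continue
        head = line[:tail.start()].split()
        if head:  # new entry; an empty head is an extra next hop of the last one
            prefix = [t for t in head if PREFIX.fullmatch(t)]
            last = {"proto": head[0][0],
                    "selected": any("*>" in t for t in head),
                    "prefix": prefix[0] if prefix else "unknown"}
        if last is None:
            continue
        routes.append(dict(last, distance=int(tail.group(1)),
                           metric=int(tail.group(2)), device=tail.group(3)))
    return routes

def failover_only_groups(routes):
    """Same prefix and distance, several protocols, but not every route active."""
    groups = defaultdict(list)
    for r in routes:
        groups[(r["prefix"], r["distance"])].append(r)
    findings = []
    for (prefix, distance), members in groups.items():
        if len({r["proto"] for r in members}) < 2:
            continue  # single protocol: nothing to compare across protocols
        active = sorted(r["device"] for r in members if r["selected"])
        standby = sorted(r["device"] for r in members if not r["selected"])
        if standby:
            findings.append((prefix, distance, active, standby))
    return findings

if __name__ == "__main__":
    for finding in failover_only_groups(parse_routes(SAMPLE)):
        print("failover only, not load balanced:", finding)
```
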