FortiGate
sgiannogloudis
Description This article describes the FortiOS routing logic that applies when multiple default routes through different routing protocols are used.
Scope FortiOS 5.x, 6.x and 7.x.
Solution

The following diagram illustrates a typical topology in which a client behind Spoke FortiGate can reach a server via two possible links:

[Diagram: sgiannogloudis_1-1667312329151.png]

The options are as follows:

A) Routing through a default static route towards FGT-1.

B) Routing through the OSPF default route advertised through FGT-2.

In this case, the FortiGate administrator's goal is to load-balance traffic across both links at the same time, so the Administrative Distance (AD) of the static route was set to 110 to make it equal to that of the OSPF route:

# config router static
    edit X
        set gateway 10.10.10.10
        set distance 110
        set device "wan1"
    next
end

Issuing the command get router info routing-table all on the Spoke FortiGate will produce an output similar to the following:

Routing table for VRF=0
S *> 0.0.0.0/0 [110/0] via 10.10.10.10, wan1
O E2 0.0.0.0/0 [110/1] via 172.16.1.1, wan2

Note: Only one protocol's route to the same destination will be processed by the kernel at the same time. As a result, FortiOS will choose to route packets through the static default route, and will only use the OSPF default route when the wan1 link becomes inactive.
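
The check below is an added example, not part of the original article or any Fortinet tooling: it parses output in the format shown above and reports destinations where routes from different protocols share the same distance while only one of them is marked as the FIB route. The sample text (including the 10.20.0.0/16 line) is constructed, the function names are hypothetical, and the script assumes the * flag marks the route installed in the FIB.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the routing-table output shown in the article.
SAMPLE = """\
Routing table for VRF=0
S *> 0.0.0.0/0 [110/0] via 10.10.10.10, wan1
O E2 0.0.0.0/0 [110/1] via 172.16.1.1, wan2
O *> 10.20.0.0/16 [110/2] via 172.16.1.1, wan2
"""
# <protocol> [subtype] [flags] <prefix> [AD/metric] via <gateway>, <device>
ROUTE_RE = re.compile(
    r"^(?P<proto>[A-Z])(?:\s+(?P<sub>[A-Z]{1,2}\d?))?\s+(?P<flags>[*>]+)?\s*"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]"
    r"\s+via\s+(?P<gw>[\d.]+),\s*(?P<dev>\S+)"
)

def parse_routes(text):
    """Turn each route line into a dict; header and other lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["ad"] = int(r["ad"])
            r["active"] = "*" in (r["flags"] or "")  # assumed: * = FIB route
            routes.append(r)
    return routes

def equal_ad_cross_protocol(routes):
    """Find prefixes with same-distance candidates from different protocols."""
    by_key = defaultdict(list)
    for r in routes:
        by_key[(r["prefix"], r["ad"])].append(r)
    findings = []
    for (prefix, ad), group in by_key.items():
        if len({r["proto"] for r in group}) > 1:  # e.g. static and OSPF
            findings.append({
                "prefix": prefix, "distance": ad,
                "active": [(r["proto"], r["dev"]) for r in group if r["active"]],
                "standby": [(r["proto"], r["dev"]) for r in group if not r["active"]],
            })
    return findings

if __name__ == "__main__":
    for f in equal_ad_cross_protocol(parse_routes(SAMPLE)):
        print(f"{f['prefix']} AD {f['distance']}: forwarding via {f['active']}, "
              f"not installed: {f['standby']}")
```

A finding here means the equal-distance configuration did not produce load balancing: traffic for that prefix leaves only through the active entry.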