FortiGate
haljawhari
Staff
Article Id 197127

Description

 

This article describes the conditions necessary to have a valid next-hop or default gateway on a FortiGate and get the route in the routing table.
This applies to DHCP, PPPoE, or static routes.

Scope

 

All FortiGate units or VDOMs running in NAT/Route mode.

Solution

 

A FortiGate will consider a next-hop or default gateway valid and insert it in the routing table under the following conditions:

  • Static routes on interfaces with a static IP address: the next-hop or default gateway must be in the same subnet as the interface, and the interface must be up. If other similar static routes are configured on other interfaces, the distance must be equal or lower.

  • DHCP interface: the next-hop or default gateway acquired from the DHCP server must be in the same subnet as the interface.

  • PPPoE: the next-hop or default gateway acquired can be in a different subnet than the interface.

  • For any interface type: if a ping-server is configured (set detectserver 'IP'), it must reply to the ping; otherwise the static routes are invalidated for the given interface.

Note:
The default administrative distance of dynamically acquired routes (for example, from a PPPoE or DHCP server) is 5.
The default administrative distance of manually created static routes is 10.
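
The conditions and default distances above can be modelled as a small offline check for auditing planned interface and gateway settings. This is an added example, not Fortinet code or FortiOS logic: the class, field and function names are hypothetical, the sample addresses are constructed, and the "lowest distance wins, equal distances coexist" selection is a simplified reading of the static-route condition.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Candidate:
    """One default-route candidate; all field names are hypothetical."""
    name: str
    mode: str                              # "static", "dhcp" or "pppoe"
    iface_ip: str                          # interface address with prefix length
    gateway: str
    link_up: bool = True
    ping_server_ok: Optional[bool] = None  # None = no ping-server configured
    distance: Optional[int] = None         # None = default distance from the Note

    def effective_distance(self) -> int:
        if self.distance is not None:
            return self.distance
        return 10 if self.mode == "static" else 5

def gateway_valid(c: Candidate) -> tuple[bool, str]:
    """Apply the per-interface conditions listed in the article."""
    if c.ping_server_ok is False:
        return False, "ping-server not replying"
    if c.mode == "pppoe":
        return True, "PPPoE: gateway may be in another subnet"
    network = ipaddress.ip_interface(c.iface_ip).network
    if ipaddress.ip_address(c.gateway) not in network:
        return False, "gateway outside interface subnet"
    if c.mode == "static" and not c.link_up:
        return False, "interface down"
    return True, "ok"

def installed_routes(candidates: list[Candidate]) -> list[str]:
    """Among valid candidates for one destination, keep the lowest distance."""
    valid = [c for c in candidates if gateway_valid(c)[0]]
    if not valid:
        return []
    best = min(c.effective_distance() for c in valid)
    return [c.name for c in valid if c.effective_distance() == best]

# Constructed sample data: documentation ranges plus the PPPoE addresses
# from the routing-table illustration on this page.
SAMPLE = [
    Candidate("wan1", "static", "192.0.2.2/30", "192.0.2.1"),
    Candidate("wan2", "static", "198.51.100.2/30", "203.0.113.1"),
    Candidate("ppp0", "pppoe", "10.7.255.211/32", "10.5.98.1"),
    Candidate("dmz", "static", "192.0.2.10/29", "192.0.2.9", ping_server_ok=False),
]
```

With the sample data, only the PPPoE candidate is selected: wan2 and dmz fail validation, and wan1 is valid but keeps the higher default distance of 10.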

 

If the WAN interface is in PPPoE mode with defaultgw enabled, the route distance and priority can be configured in the interface settings under 'config system interface'.

 
See the other related articles about Default or Static routes.

Illustration of PPPoE, where the FortiGate creates a /32 connected route for the next-hop, which is in a different subnet than the interface itself.

 

get router info routing-table all

S* 0.0.0.0/0 [1/0] via 10.5.98.1, ppp0             <----- Next hop.
C 192.168.1.0/24 is directly connected, internal
C 10.5.98.1/32 is directly connected, ppp0         <----- /32 interface created for the next-hop.
C 10.7.255.211/32 is directly connected, ppp0      <----- Interface.

 

Related articles:

Troubleshooting tips for FortiOS routing (RIP, OSPF, BGP, static routes, ECMP)

List of most popular articles related to FortiOS Routing (ECMP, STATIC ROUTE, RIP, OSPF, BGP, BFD, D...

Technical Note : Setting priority on static default routes to create a primary (preferred) and a sec...

Configuring a Default Route (Default Gateway) on a FortiGate in NAT mode - REMOVED from public KB

Technical Note: Configuring link redundancy - Traffic load-balancing / load-sharing - ECMP (Equal Co...

Technical Note : Identical next hops in the routing table, over different FortiGate interfaces