FortiGate
ppatel
Staff & Editor
Article Id 201170
Description

This article explains how static routes and policy-based routes (PBR) behave when a link monitor configured with 'set update-static-route enable' under 'config system link-monitor' detects that its link has failed.

Scope

FortiGate.
Solution

A link monitor is configured with the default setting 'set update-static-route enable', together with a policy route that uses the same gateway and output interface.

 

FortiGate# show full-configuration system link-monitor
config system link-monitor
    edit "1"
        set srcintf "port10"  <------
        set server "8.8.4.4"
        set protocol ping
        set gateway-ip 10.193.0.225
        set update-static-route enable  <------
        set status enable
    next
end

 

Policy route:

FortiGate# show router policy
config router policy
    edit 1
        set input-device "port9"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 10.193.0.225
        set output-device "port10"   <----- Link monitor configured on port10.
    next
end

 

Status of the link monitor: alive.

FortiGate# diagnose sys link-monitor status

Link Monitor: 1, Status: alive, Server num(1), Flags=0x1 init, Create time: Wed Dec 15 03:48:16 2021
Source interface: port10 (6)
Gateway: 10.193.0.225
Interval: 500 ms
  Peer: 8.8.4.4(8.8.4.4)
        Source IP(10.193.1.69)
        Route: 10.193.1.69->8.8.4.4/32, gwy(10.193.0.225)
        protocol: ping, state: alive
                Latency(Min/Max/Avg): 2.470/2.696/2.508 ms
                Jitter(Min/Max/Avg): 0.003/0.219/0.040
                Packet lost: 0.000%
                Number of out-of-sequence packets: 0
                Fail Times(0/5)
                Packet sent: 2049, received: 1512, Sequence(sent/rcvd/exp): 2050/2050/2051

 

Route active in the routing table:

FortiGate# get router info routing-table all

Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 10.10.1.254, wan1
                  [10/0] via 10.193.0.225, port10, [10/0]
C       10.109.16.0/20 is directly connected, wan1
C       10.193.0.0/20 is directly connected, port10
C       10.195.0.0/20 is directly connected, port9

 

Policy route active:

FortiGate# diagnose firewall proute list
list route policy info(vf=root):

id=1 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=5 dport=0-65535 oif=6 gwy=10.193.0.225
source wildcard(1): 0.0.0.0/0.0.0.0
destination wildcard(1): 0.0.0.0/0.0.0.0
hit_count=670 last_used=2021-12-15 04:08:38

 

 

The link monitor then stops receiving replies from its server and logs the failure:

******* link-monitor 1 failed to reach server 8.8.4.4 ******

Link monitor status: failed (die).

 

FortiGate# diagnose sys link-monitor status

Link Monitor: 1, Status: die, Server num(1), Flags=0x9 init, Create time: Wed Dec 15 03:48:16 2021
Source interface: port10 (6)
Gateway: 10.193.0.225
Interval: 500 ms
  Peer: 8.8.4.4(8.8.4.4)
        Source IP(10.193.1.69)
        Route: 10.193.1.69->8.8.4.4/32, gwy(10.193.0.225)
        protocol: ping, state: die
                Packet lost: 27.000%
                Number of out-of-sequence packets: 0
                Recovery times(0/5) Fail Times(3/5)
                Packet sent: 2113, received: 1547, Sequence(sent/rcvd/exp): 2114/2085/2086

 

The static route through the monitored gateway ([10/0] via 10.193.0.225, port10) is removed from the routing table; only the wan1 default route remains:

 

FortiGate# get router info routing-table all

Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 10.10.1.254, wan1
C       10.109.16.0/20 is directly connected, wan1
C       10.193.0.0/20 is directly connected, port10
C       10.195.0.0/20 is directly connected, port9

 

Policy route status: disabled (note flags=0x8 disable on the entry):

FortiGate# diagnose firewall proute list
list route policy info(vf=root):

id=1 dscp_tag=0xff 0xff flags=0x8 disable tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=5 dport=0-65535 oif=6 gwy=10.193.0.225
source wildcard(1): 0.0.0.0/0.0.0.0
destination wildcard(1): 0.0.0.0/0.0.0.0
hit_count=664 last_used=2021-12-15 04:05:37

 

Conclusion.

With 'set update-static-route enable' configured on the link monitor, if the link monitor fails to reach its configured server (link monitor failure), the static route that uses the monitored gateway is removed from the routing table, and the policy routes associated with that static route are disabled. Traffic then follows the remaining routes, here the default route via wan1.
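The two outputs above can be checked together so that a monitoring job flags the moment a policy route is disabled because its gateway's link monitor went down. The following script is an added example, not Fortinet code or part of this article; the sample outputs are constructed to match the format shown above, and the "disable" token after the flags field is taken from the article's output as the indicator of a disabled policy route.

```python
import re

# Constructed samples modelled on the article's CLI output (not a live capture).
LINK_MONITOR_OUTPUT = """\
Link Monitor: 1, Status: die, Server num(1), Flags=0x9 init, Create time: Wed Dec 15 03:48:16 2021
Gateway: 10.193.0.225
  Peer: 8.8.4.4(8.8.4.4)
        protocol: ping, state: die
                Packet lost: 27.000%
                Recovery times(0/5) Fail Times(3/5)
"""
PROUTE_OUTPUT = """\
list route policy info(vf=root):
id=1 dscp_tag=0xff 0xff flags=0x8 disable tos=0x00 tos_mask=0x00 protocol=0 sport=0:0 iif=5 dport=0-65535 oif=6 gwy=10.193.0.225
"""

def parse_link_monitors(text):
    """Parse 'diagnose sys link-monitor status' into {id: {status, gateway, ...}}."""
    monitors, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"Link Monitor: (\d+), Status: (\w+)", line)
        if m:
            cur = monitors.setdefault(m.group(1), {"status": m.group(2)})
        elif cur is None:
            continue                      # header lines before the first monitor
        elif (m := re.match(r"Gateway: (\S+)", line.strip())):
            cur["gateway"] = m.group(1)
        elif (m := re.search(r"Packet lost: ([\d.]+)%", line)):
            cur["packet_lost"] = float(m.group(1))
        elif (m := re.search(r"Fail Times\((\d+)/(\d+)\)", line)):
            cur["fail_times"] = (int(m.group(1)), int(m.group(2)))
    return monitors

def parse_proutes(text):
    """Parse 'diagnose firewall proute list'; 'disable' after flags (flags=0x8 in the article) marks a disabled route."""
    routes = {}
    for line in text.splitlines():
        m = re.match(r"id=(\d+) .*oif=(\d+) gwy=(\S+)", line)
        if m:
            routes[m.group(1)] = {"oif": int(m.group(2)), "gateway": m.group(3),
                                  "disabled": "disable" in line.split()}
    return routes

def check_pbr_impact(monitors, routes):
    """Return (route_id, gateway, disabled) for policy routes whose gateway belongs to a link monitor that is not alive."""
    dead_gws = {m.get("gateway") for m in monitors.values() if m["status"] != "alive"}
    return [(rid, r["gateway"], r["disabled"])
            for rid, r in routes.items() if r["gateway"] in dead_gws]
```

Feed it the real command output from the device and alert on any tuple returned; a route reported with disabled=False while its monitor is dead would indicate the automatic PBR disable did not take effect.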

 

Related articles:

Technical Note: PBR and Routing Behavior

Technical Tip: Link-Monitor Explained