Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jiahoong112
Staff
Staff

Created on ‎01-11-2023 10:31 PM Edited on ‎04-22-2025 11:04 PM By Community Manager

Article Id 242693

Technical Tip: How to Perform Routing Lookup from GUI and CLI

Description This article describes how to perform routing lookup on FortiGate from GUI and CLI and also covers the difference between the lookup on the GUI and CLI.
Scope

FortiGate.
Solution

On v6.0.x, v6.2.,x or below: Go to Monitor -> Routing Monitor.

 

jiahoong112_1-1673497376169.png

 

On v6.4.x and above Go to Dashboard -> Network -> Routing.

 

jiahoong112_0-1673496827247.png

 

Related document:

Static & Dynamic Routing monitor

 

Why use the Routing Lookup in the Routing Widget instead of CLI:

The CLI version of this is this command ' get router info routing-table detail <ip>'. The output of this command will only show the routes taken by the FIB. It will not show whether the traffic will get routed through Policy Routes or not. 

The advantage of using the Routing Lookup on the GUI is that if the route matches a Policy Route or SDWAN Rule, it will show that it gets matched. Furthermore, it is possible to specify Source IP and/or Source Interface on the Routing Lookup Widget.

This is beneficial if we want to see how traffic from a specific VLAN, source IP etc is getting routed. 

 

Local-Out Traffic aka Fortigate Self-Originating Traffic.

 

  1. After opening the widget, select Route Lookup. As visible here, only the Destination IP field is mandatory to be filled up.

 

jiahoong112_2-1673497583617.png

 

  1. If only the Destination IP is entered, the result will show how FortiGate would route the traffic by Default. This is important especially when multiple WAN links or SD-WAN are used. The default route shown here also tells that this is the route that FortiGuard services will use, DNS, FortiCloud logging etc. 

 

This is an example where Policy Routes/SD-WAN Rules are taken instead of the FIB. In FortiGate's Routing Precedence, Policy Routes and SD-WAN Rules are similar. Policy Routes take higher precedence than SD-WAN Rules.

 

  1. SD-WAN Rule is configured here.

 

jiahoong112_3-1673499835790.png

 

  1. Route Lookup - 8.8.8.8.

 

jiahoong112_4-1673499874667.png

 

  1. Policy Route is chosen.

 

jiahoong112_5-1673499908182.png

 

  1. When referring to the FIB from CLI, it is showing that traffic to 8.8.8.8 will usually take port1 first.

 

jiahoong112_6-1673499998901.png

 

This is evident when both existing SD-WAN Rules had been Disabled:

 

jiahoong112_7-1673500069916.png

 

Note:  

As part of the redesign of the GUI dashboard and FortiView pages, the refresh interval feature that was available in the Routing Monitor in v7.2.x has been removed starting from v7.4.0 and later. Routes can now be refreshed manually using the refresh button located at the top right corner, or by navigating to another page and then returning to the Routing Monitor.

 

This change was implemented under the project ID 863212, as mentioned in this document: Changes in GUI behavior 

 

More information about FortiGate's Route Lookup Process:

Technical Tip: Routing in FortiGate (route-lookup-process)
Labels:
32462
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.