acvaldez
Staff
Article Id 212757
Description

This article describes how to display the Kernel routing table of FortiGate.

Scope

FortiGate.
Solution

From CLI:

 

get router info kernel

 

Sample output:

 

get router info kernel

 

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.0.0/32 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)

tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.1.42/32 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.3.255/32 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.115.0.0/32 pref=10.115.1.42 gwy=0.0.0.0 dev=4(port2)

tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.115.1.42/32 pref=10.115.1.42 gwy=0.0.0.0 dev=4(port2)

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.115.3.255/32 pref=10.115.1.42 gwy=0.0.0.0 dev=4(port2)

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=13(root)

tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=13(root)

tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=13(root)

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=13(root)

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.0/32 pref=169.254.1.1 gwy=0.0.0.0 dev=15(fortilink)

tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.1/32 pref=169.254.1.1 gwy=0.0.0.0 dev=15(fortilink)

tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.255/32 pref=169.254.1.1 gwy=0.0.0.0 dev=15(fortilink)

tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.47.3.254 dev=3(port1)

tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.0.0/22 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)

tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.115.0.0/22 pref=10.115.1.42 gwy=0.0.0.0 dev=4(port2)

tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.0/24 pref=169.254.1.1 gwy=0.0.0.0 dev=15(fortilink)

 

The output can also be filtered using a grep command:

 

get router info kernel | grep 10.47.1.42

tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.1.42/32 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)

 

To filter the kernel routes based on the proto ID, append the ID to the command:

 

get router info kernel 2    <--- proto 2: routes installed by the kernel

get router info kernel 11   <--- proto 11: routes installed by the ZebOS routing module

 

This is useful for verifying whether a specific route has actually been installed in the kernel routing table.

 

The kernel routing table entries are:

 

Value   Description
tab     254 (Unicast) or 255 (multicast).
vf      VDOM index number; if VDOMs are not enabled, this number is 0.
scope   Reachability of the route (explained at the end of this article).
type    Type of routing connection (see the type table below).
proto   Where the route comes from (see the proto table below).
prio    Priority of the route; lower values are preferred.
pref    Preferred next hop.
gwy     The address of the gateway this route will use.
dev     Outgoing interface index.

 

The type entries are:

 

Type ID   Description
0         Unspecific
1         Unicast
2         Local
3         Broadcast
4         Anycast
5         Multicast
6         Blackhole
7         Unreachable
8         Prohibited

 

The proto entries are:

 

Proto   Description
0       unspecific
2       Kernel
11      ZebOS routing module
14      FortiOS
15      HA
16      Authentication based
17      HA1
18      HA Kernel routes
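The field layout and the type/proto tables above are enough to process this output offline, which is handy when a route table has been captured from a device during troubleshooting. The following Python script is an added example, not Fortinet code: it parses `get router info kernel` lines into records, reproduces the proto filter (`get router info kernel 11`) on the captured text, checks whether an exact prefix is installed in the unicast table (tab 254, as the article describes it), and performs a longest-prefix lookup of a destination address over the unicast routes. The sample input is a trimmed copy of the article's own output; the `0.0.0.0/0.0.0.0/0` token before `->` is kept verbatim and not interpreted, and the tie-breaking on `prio` follows the article's statement that lower values are preferred.

```python
"""Parse FortiGate 'get router info kernel' output and answer routing questions.

Added example (not Fortinet's code). Assumes the line layout shown in the
article; the '0.0.0.0/0.0.0.0/0' token before '->' is kept verbatim and not
interpreted.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Lookup tables transcribed from the article.
TYPE_NAMES = {0: "Unspecific", 1: "Unicast", 2: "Local", 3: "Broadcast", 4: "Anycast",
              5: "Multicast", 6: "Blackhole", 7: "Unreachable", 8: "Prohibited"}
PROTO_NAMES = {0: "unspecific", 2: "Kernel", 11: "ZebOS routing module", 14: "FortiOS",
               15: "HA", 16: "Authentication based", 17: "HA1", 18: "HA Kernel routes"}

# One kernel route line, e.g.
# tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.47.3.254 dev=3(port1)
LINE_RE = re.compile(
    r"tab=(?P<tab>\d+)\s+vf=(?P<vf>\d+)\s+scope=(?P<scope>\d+)\s+type=(?P<type>\d+)\s+"
    r"proto=(?P<proto>\d+)\s+prio=(?P<prio>\d+)\s+(?P<src>\S+)->(?P<dst>\S+)\s+"
    r"pref=(?P<pref>\S+)\s+gwy=(?P<gwy>\S+)\s+dev=(?P<dev>\d+)\((?P<ifname>[^)]*)\)"
)


@dataclass(frozen=True)
class KernelRoute:
    tab: int
    vf: int
    scope: int
    type: int
    proto: int
    prio: int
    dst: ipaddress.IPv4Network
    pref: str
    gwy: str
    dev: int
    ifname: str

    @property
    def type_name(self) -> str:
        return TYPE_NAMES.get(self.type, f"unknown({self.type})")

    @property
    def proto_name(self) -> str:
        return PROTO_NAMES.get(self.proto, f"unknown({self.proto})")


def parse_kernel_routes(text: str) -> list[KernelRoute]:
    """Turn raw CLI output into KernelRoute records; lines that are not routes are skipped."""
    routes: list[KernelRoute] = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # echoed command, blank lines, prompts
        routes.append(KernelRoute(
            tab=int(m["tab"]), vf=int(m["vf"]), scope=int(m["scope"]),
            type=int(m["type"]), proto=int(m["proto"]), prio=int(m["prio"]),
            dst=ipaddress.ip_network(m["dst"], strict=False),
            pref=m["pref"], gwy=m["gwy"], dev=int(m["dev"]), ifname=m["ifname"],
        ))
    return routes


def filter_by_proto(routes: list[KernelRoute], proto: int) -> list[KernelRoute]:
    """Offline equivalent of 'get router info kernel <proto>'."""
    return [r for r in routes if r.proto == proto]


def is_route_installed(routes: list[KernelRoute], prefix: str, tab: int = 254) -> bool:
    """True if the exact prefix exists in the given table (254 = unicast per the article)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(r.tab == tab and r.dst == net for r in routes)


def lookup(routes: list[KernelRoute], address: str) -> Optional[KernelRoute]:
    """Longest-prefix match over unicast (type=1) routes in tab 254; lower prio wins ties."""
    ip = ipaddress.ip_address(address)
    candidates = [r for r in routes if r.tab == 254 and r.type == 1 and ip in r.dst]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.dst.prefixlen, r.prio))


# Constructed sample input: a trimmed copy of the article's 'get router info kernel' output.
SAMPLE_OUTPUT = """\
get router info kernel
tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.1.42/32 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)
tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.3.255/32 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.47.3.254 dev=3(port1)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.47.0.0/22 pref=10.47.1.42 gwy=0.0.0.0 dev=3(port1)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.115.0.0/22 pref=10.115.1.42 gwy=0.0.0.0 dev=4(port2)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.0/24 pref=169.254.1.1 gwy=0.0.0.0 dev=15(fortilink)
"""

if __name__ == "__main__":
    routes = parse_kernel_routes(SAMPLE_OUTPUT)
    for r in filter_by_proto(routes, 11):
        print(f"{r.dst} via {r.gwy} dev {r.ifname} ({r.proto_name}, {r.type_name})")
    print("10.47.0.0/22 installed:", is_route_installed(routes, "10.47.0.0/22"))
    hit = lookup(routes, "10.115.2.7")
    print("10.115.2.7 ->", hit.dst, "dev", hit.ifname)
```

Feed it the full output of `get router info kernel` captured from a device and `is_route_installed` answers the question the article raises (is this prefix really in the kernel table?) without eyeballing the list, while `lookup` shows which installed route a given destination would actually take.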

 

To map the interface index shown in dev= to an interface name (here dev=3):

 

diagnose netlink interface list | grep index=3

 

if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0

 

In the context of Kernel routing tables, the 'scope' value indicates the reachability of a route.

  • A 'scope' value of 0 indicates a global route.
    This means the route is valid for the entire network and can be used to route traffic beyond the local network segment.
  • A 'scope' value of 253 typically represents a site-local route.
    This means the route is intended for use within a specific site or organisation and is not meant to be used for routing traffic outside of that site.
  • A 'scope' value of 254 typically represents a link-local route.
    This means the route is only valid within the local network segment and is not intended for routing traffic beyond the local link.
  • A 'scope' value of 255 typically represents a host route.
    This means the route is specific to a single host or device, and it is used to direct traffic to that particular host.