FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 197595



This article describes how to identify any routes marked as inactive in the routing table using the CLI command get router info routing-table database.



Distance or administrative distance is a number used by routers to determine which route is preferred for a particular destination.
If there are two routes to the same destination, the one with the smaller distance is considered better and used for routing.

The routes with higher distances are inactive and not added to the routing table.
If an interface is down, or FortiGate does not have Layer 2 connectivity to a subnet, that route is also considered inactive and will not be added to the routing table.

The command get router info routing-table details does not show inactive routes and displays only the one with the lowest distance (the active one).

For example, when two static routes to the same destination subnet have different distances, the one with the lower distance is active.
The one with the higher distance is inactive.

If the conditions to get a route into the routing table are not met, then the route is set by the FortiGate as inactive in the output of the get router info routing-table database.

The following routes will appear as inactive:


  • A static route on an interface with a static IP address is defined where the static IP address is in a different subnet than the default gateway.
  • DHCP interface where the DHCP IP address of the interface is in a different subnet than the default gateway (i.e. due to an incorrectly configured DHCP server).
  • Static routes on any interface configured with a failed link monitor (also known as the link health monitor/gateway detect / dead gateway detection feature).
  • Static route on an IPSec VPN tunnel interface that is down (i.e. Phase 1 is down).
  • Static route on any interface that is configured in Performance SLA with a failed link.

In the example below, the default static route is marked as inactive because its default gateway ( is in a different subnet than the static IP address configured for the wan1 interface (


FGT get router info routing-table database

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info

S [10/0] via, wan1 inactive
C    *> is directly connected, internal
C    *> is directly connected, wan1
C    *> is directly connected, wifi


To view the active routes, need to execute the below command:


get router info routing-table details


To view the route for a specific destination, execute the below command.


get router info routing-table details x.x.x.x   <----- Here x.x.x.x is the destination IP.


Related document:
Routing Concepts

Related articles:

Technical Tip: FortiGate routing table conditions

Technical Tip: Routing in FortiGate (route-lookup-process)

Technical Note: Routing behavior depending on distance and priority for static routes, and Policy Ba...