FortiGate
seshuganesh
Staff
Article Id 199421
Description

This article describes how to interpret the routing table.

Identify how FortiGate decides which routes are activated in the routing table.

Identify how FortiGate chooses the best route using route attributes.
Scope  
Solution

To display static routes:

From the GUI, go to Dashboard -> Network -> Routing -> Static & Dynamic.

The route types can be selected in the top right corner.

Options that can be selected from the GUI:

1. Static & Dynamic

2. Policy

3. BGP Neighbors

4. BGP paths

5. OSPF Neighbors


To view the static routes, select 'Static & Dynamic'.

This view shows all the routes that are currently active.

Inactive routes are not shown in the GUI.

Only routes that are active, through which traffic is passing, are shown.

Some additional information, such as VRF and up-since information, is also visible.

These columns can be added by selecting the settings tab at the top left of the table.

It is also possible to check whether traffic is hitting a route by using the route lookup option at the top left.

The lookup takes the destination IP address, port, source machine IP, protocol and source interface.

The result shows which route the traffic is passing through.

To display policy routes:

A policy route makes it possible to route traffic through a specific WAN interface when there are multiple WAN interfaces.

It is possible to see the policy routes under Dashboard -> Network -> Routing.

In this example, there are two policy routes.

To view the policy routes through the CLI, execute the command below:

# diagnose firewall proute list

 

photon-kvm53 # diagnose firewall proute list

list route policy info(vf=root):

 

id=2 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5 dport=0-65535 path(1) oif=3(port1) gwy=10.5.31.254

source wildcard(1): 172.31.138.0/255.255.255.0

destination wildcard(1): 0.0.0.0/0.0.0.0

internet service(1): Zoom.us-Zoom.Meeting(6422646,0,0,0)

hit_count=0 last_used=2021-11-20 16:57:35

 

id=3 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5 dport=0-65535 path(1) oif=0() gwy=10.5.31.254

source wildcard(1): 0.0.0.0/0.0.0.0

destination wildcard(1): 0.0.0.0/0.0.0.0

internet service(1): Act-on-FTP(5242887,0,0,0)

hit_count=0 last_used=2021-11-20 17:25:56

 

Note:

Policy routes will take precedence over any other routes in the routing table.

FortiGate will first check regular policy routes before coming to SD-WAN policy routes (if any) and then the routing table.
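
Because policy routes are matched before the routing table, it is worth reviewing them when auditing how traffic leaves the firewall. The parser below is an added example, not part of the original article and not Fortinet code: it reads the 'diagnose firewall proute list' output shown above and lists entries to review. The sample text is constructed from the two entries above; the function names and the handling of several wildcards on one line are assumptions.

```python
import re

# Constructed sample: the two entries from the CLI output quoted in this article.
SAMPLE = """list route policy info(vf=root):
id=2 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5 dport=0-65535 path(1) oif=3(port1) gwy=10.5.31.254
source wildcard(1): 172.31.138.0/255.255.255.0
destination wildcard(1): 0.0.0.0/0.0.0.0
internet service(1): Zoom.us-Zoom.Meeting(6422646,0,0,0)
hit_count=0 last_used=2021-11-20 16:57:35
id=3 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5 dport=0-65535 path(1) oif=0() gwy=10.5.31.254
source wildcard(1): 0.0.0.0/0.0.0.0
destination wildcard(1): 0.0.0.0/0.0.0.0
internet service(1): Act-on-FTP(5242887,0,0,0)
hit_count=0 last_used=2021-11-20 17:25:56
"""
ANY = "0.0.0.0/0.0.0.0"

def _get(pat, line):
    return m.group(1) if (m := re.search(pat, line)) else ""

def parse_proutes(text):
    """Return one dict per policy route; a line starting with 'id=' opens an entry."""
    routes = []
    for line in (l.strip() for l in text.splitlines()):
        wild = re.match(r"(source|destination) wildcard\(\d+\):\s*(.+)", line)
        if line.startswith("id="):
            routes.append({"id": int(_get(r"^id=(\d+)", line)),
                           "oif_name": _get(r"oif=\d+\(([^)]*)\)", line),
                           "gwy": _get(r"gwy=(\S+)", line),
                           "src": [], "dst": [], "isdb": [], "hit_count": None})
        elif not routes:
            continue  # header line before the first entry
        elif wild:  # assumption: several wildcards would be space-separated
            routes[-1]["src" if wild.group(1) == "source" else "dst"] += wild.group(2).split()
        elif line.startswith("internet service("):
            routes[-1]["isdb"].append(line.split(":", 1)[1].strip())
        elif line.startswith("hit_count="):
            routes[-1]["hit_count"] = int(_get(r"hit_count=(\d+)", line))
    return routes

def audit(routes):
    """List (id, note) pairs for entries worth a manual look."""
    findings = []
    for r in routes:
        checks = [(r["src"] == [ANY] and r["dst"] == [ANY], "source and destination wildcards are both any"),
                  (not r["oif_name"], "no outgoing interface name in output"),
                  (r["hit_count"] == 0, "hit_count=0")]
        findings += [(r["id"], note) for cond, note in checks if cond]
    return findings
```

Calling audit(parse_proutes(text)) on output saved from the CLI returns the list of policy route ids with the reason each was flagged.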