Description |
This article describes how to Interpret routing table.
Identify how FortiGate decides which routes are activated in routing table. Identify how FortiGate chooses the best route using route attributes. |
Scope | |
Solution |
To display static route:
Fom GUI , go to Dashboard -> Network -> Routing ->Static & Dynamic.
Here in the top right corner, it will be possible to find types of routes.
Option which can be selected from GUI:
1.Static & Dynamic 2.Policy 3.BGP Neighbors 4.BGP paths 5.OSPF Neighbors
To view the static routes, it will be necessary to select 'Static & Dynamic'. As shown in the below figure, it is possible to view all the active routes which are currently active. Inactive routes will not be shown here from GUI.
Only routes which are active on which traffic is passing through. Few other information, like VRF and upsince information will be visible.
It is possible to add those information by selecting settings tab on top left table as shown below.
It is also possible to check if traffic is hitting route, by using route lookup option on top left:
As shown in above image, it is possible to mention destination IP address, port, source machine IP, protocol and its source interface.
It will be possible to know which route traffic is passing through as shown in the below image.
To display Policy Routes.
Using policy route, will able to route traffic through specific WAN interface in case of multiple WAN interface.
It is possible to see the policy routes under Dashboard -> Network -> Routing.
As shown in below, there are two policy routes:
To view the policy routes through CLI, execute the below command:
# diagnose firewall proute list
photon-kvm53 # diagnose firewall proute list list route policy info(vf=root):
id=2 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5 dport=0-65535 path(1) oif=3(port1) gwy=10.5.31.254 source wildcard(1): 172.31.138.0/255.255.255.0 destination wildcard(1): 0.0.0.0/0.0.0.0 internet service(1): Zoom.us-Zoom.Meeting(6422646,0,0,0) hit_count=0 last_used=2021-11-20 16:57:35
id=3 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0-0 iif=5 dport=0-65535 path(1) oif=0() gwy=10.5.31.254 source wildcard(1): 0.0.0.0/0.0.0.0 destination wildcard(1): 0.0.0.0/0.0.0.0 internet service(1): Act-on-FTP(5242887,0,0,0) hit_count=0 last_used=2021-11-20 17:25:56
Note. Policy routes will take precedence over any other routes in the routing table. FortiGate will first check regular policy routes before coming to SD-WAN policy routes (if any) and then the routing table. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.